Skip to content

CodeQL

CodeQL #177

# CodeQL workflow
name: CodeQL
on:
schedule:
- cron: '0 6 * * 6' # Every saturday at 06:00
workflow_dispatch:
jobs:
analyze-cpp:
name: Analyze C++ Code
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: zulu
java-version: 11
- name: Setup Mold
uses: rui314/setup-mold@v1
- name: Setup CCache
uses: hendrikmuhs/ccache-action@v1
- name: Setup Dependencies
run: sudo apt-get install ninja-build graphviz pipx uuid-dev
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: cpp
- name: Cache LLVM
id: cache-llvm
uses: actions/cache@v4
with:
path: /home/runner/work/spice/llvm
key: llvm-19.1.0
- name: Setup LLVM
if: steps.cache-llvm.outputs.cache-hit != 'true'
run: |
echo "/usr/lib/ccache:/usr/local/opt/ccache/libexec" >> $GITHUB_PATH
cd ..
git clone --depth 1 --branch llvmorg-19.1.0 https://github.com/llvm/llvm-project llvm
mkdir ./llvm/build
cd ./llvm/build
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_C_COMPILER=gcc -DCMAKE_CXX_COMPILER=g++ -DCMAKE_CXX_FLAGS_RELEASE="-O2" -DLLVM_ENABLE_RTTI=ON -GNinja ../llvm
cmake --build .
- name: Download Libs
run: |
chmod +x setup-libs.sh
./setup-libs.sh
- name: Build Test target
env:
LLVM_DIR: /home/runner/work/spice/llvm/build/lib/cmake/llvm
run: |
echo "/usr/lib/ccache:/usr/local/opt/ccache/libexec" >> $GITHUB_PATH
mkdir ./bin
cd ./bin
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DSPICE_BUILT_BY="ghactions" -DSPICE_LINK_STATIC=OFF -DSPICE_DEV_COMPILE=ON -GNinja -Wattributes ..
cmake --build . --target spicetest
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3