From a4308b19135bdadf339163f7e127c628d987a0fc Mon Sep 17 00:00:00 2001
From: PhiBo
Date: Wed, 28 Apr 2021 15:11:23 +0200
Subject: Add CodeQL checks

Add initial github actions to perform CodeQL securtiy checks
---
 .github/workflows/codeql-analysis.yml | 71 +++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 .github/workflows/codeql-analysis.yml
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000..9de367e5
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ master ]
+ schedule:
+ - cron: '15 18 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'cpp' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ - name: Install packages
+ run: |
+ sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential
+ sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \
+ libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \
+ libdbd-sqlite3 libssl-dev libcurl4-openssl-dev liburiparser-dev
+
+ - name: Configure build
+ run: |
+ ./tools/setup
+ ./configure --enable-libtap
+
+ - name: Build
+ run: |
+ make
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
-- 
cgit v1.2.3-74-g34f1

From 175e43133c9dbeb156e52b8e54cd04e44401f424 Mon Sep 17 00:00:00 2001
From: Lorenz <12514511+RincewindsHat@users.noreply.github.com>
Date: Sun, 3 Jul 2022 15:57:55 +0200
Subject: Update CodeQL and update runner before installing (#1775)

---
 .github/workflows/codeql-analysis.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9de367e5..afe6ab4f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -53,6 +53,7 @@ jobs:
 - name: Install packages
 run: |
+ sudo apt update
 sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential
 sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \
 libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \
@@ -62,10 +63,10 @@ jobs:
 run: |
 ./tools/setup
 ./configure --enable-libtap
-
+
 - name: Build
 run: |
 make
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v2
-- 
cgit v1.2.3-74-g34f1

From de06e5832eb45ed0a23d4ad9f66d4faa51cb5371 Mon Sep 17 00:00:00 2001
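Review bot: The three third-party actions introduced in the new `steps:` block (`actions/checkout@v2`, `github/codeql-action/init@v1` and `github/codeql-action/analyze@v1`) are referenced by mutable major-version tags, so the code that later runs with `security-events: write` is whatever those tags resolve to at run time rather than a reviewed revision. The usual hardening for a workflow that reads the repository and uploads scan results is to pin each `uses:` to a full-length commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, and let Dependabot's github-actions ecosystem keep the SHAs current. The job-level `permissions:` block already scopes the token to the three scopes CodeQL needs, which is the right shape; only the reference style is left open.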
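Review bot: The added `sudo apt update` line uses the `apt` front end while every following line of the same `run: |` script uses `apt-get`; `apt` is documented as an interactive tool without a stable command-line interface and prints a warning to that effect in scripts, so the consistent non-interactive form is `sudo apt-get update`. The enclosing `run: |` script continues past the end of the hunk.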
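Review bot: After this hunk the analysis step references `github/codeql-action/analyze@v2` while the init step, outside the hunk, still references `github/codeql-action/init@v1`; the CodeQL action expects `init` and `analyze` in one workflow run to be the same major version, so `uses: github/codeql-action/init@v2` belongs in the same change to avoid a split-version run. The removed `- ` line followed by the added empty line reads as a trailing-whitespace cleanup of the blank line before the Build step, which is fine but worth naming in the commit message.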
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Nov 2022 17:49:31 +0100
Subject: Bump github/codeql-action from 1 to 2 (#1812)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
 dependency-type: direct:production
 update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index afe6ab4f..860c783c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@v2
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
-- 
cgit v1.2.3-74-g34f1

From 1bc6d81651c5b5fe865515d420fc2772f4997059 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 04:26:26 +0000
Subject: Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
 dependency-type: direct:production
 update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 860c783c..ab8bfaae 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -39,7 +39,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
-- 
cgit v1.2.3-74-g34f1

From fbf0c9d208321cc2f9b9a1f166a8a582e41e53f8 Mon Sep 17 00:00:00 2001
From: Jan Wagner
Date: Wed, 28 Jun 2023 15:37:20 +0200
Subject: Fix indentation

---
 .github/workflows/codeql-analysis.yml | 54 +++++++++++++++++------------------
 1 file changed, 27 insertions(+), 27 deletions(-)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ab8bfaae..b56ac16d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,35 +38,35 @@ jobs:
 # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 steps:
- - name: Checkout repository
- uses: actions/checkout@v3
+ - name: Checkout repository
+ uses: actions/checkout@v3
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: ${{ matrix.language }}
- # If you wish to specify custom queries, you can do so here or in a config file.
- # By default, queries listed here will override any specified in a config file.
- # Prefix the list here with "+" to use these queries and those in the config file.
- # queries: ./path/to/local/query, your-org/your-repo/queries@main
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
- - name: Install packages
- run: |
- sudo apt update
- sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential
- sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \
- libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \
- libdbd-sqlite3 libssl-dev libcurl4-openssl-dev liburiparser-dev
+ - name: Install packages
+ run: |
+ sudo apt update
+ sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential
+ sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \
+ libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \
+ libdbd-sqlite3 libssl-dev libcurl4-openssl-dev liburiparser-dev
- - name: Configure build
- run: |
- ./tools/setup
- ./configure --enable-libtap
+ - name: Configure build
+ run: |
+ ./tools/setup
+ ./configure --enable-libtap
- - name: Build
- run: |
- make
+ - name: Build
+ run: |
+ make
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
-- 
cgit v1.2.3-74-g34f1

From 73d79c2982478d43e8c63dccc3e54421272e2cbd Mon Sep 17 00:00:00 2001
From: Jan Wagner
Date: Wed, 28 Jun 2023 15:38:14 +0200
Subject: Add missing document start

---
 .github/dependabot.yml | 1 +
 .github/workflows/codeql-analysis.yml | 1 +
 .github/workflows/test.yml | 1 +
 3 files changed, 3 insertions(+)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 282063c4..07073644 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,3 +1,4 @@
+---
 version: 2
 updates:
 - package-ecosystem: github-actions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b56ac16d..4fac7032 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,3 +1,4 @@
+---
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 88d5d661..306f21cf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,3 +1,4 @@
+---
 name: Test
 on:
-- 
cgit v1.2.3-74-g34f1

From dee6b03307c599b0cf74bc7fa3714b1335156aed Mon Sep 17 00:00:00 2001
From: Jan Wagner
Date: Wed, 28 Jun 2023 15:40:02 +0200
Subject: Fix too many spaces inside brackets

---
 .github/workflows/codeql-analysis.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 4fac7032..43b35d31 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,10 +14,10 @@ name: "CodeQL"
 on:
 push:
- branches: [ master ]
+ branches: [master]
 pull_request:
 # The branches below must be a subset of the branches above
- branches: [ master ]
+ branches: [master]
 schedule:
 - cron: '15 18 * * 0'
@@ -33,7 +33,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- language: [ 'cpp' ]
+ language: ['cpp']
 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
 # Learn more:
 # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-- 
cgit v1.2.3-74-g34f1

From 743d41da0eb6452073b4a3f3f773704ae42356db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Sep 2023 04:33:25 +0000
Subject: Bump actions/checkout from 3 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
 dependency-type: direct:production
 update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
---
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/test.yml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to '.github/workflows/codeql-analysis.yml')
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 43b35d31..0317c8c0 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -40,7 +40,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5b9f1fcb..77b09f43 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Codespell
 uses: codespell-project/actions-codespell@v2
 with:
@@ -31,7 +31,7 @@ jobs:
 # runs-on: ubuntu-latest
 # steps:
 # - name: Checkout
-# uses: actions/checkout@v3
+# uses: actions/checkout@v4
 # - name: Lint Code Base
 # uses: github/super-linter@v5.0.0
 # env:
@@ -57,7 +57,7 @@ jobs:
 #...
 steps:
 - name: Git clone repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 #- name: Setup tmate session, see https://github.com/marketplace/actions/debugging-with-tmate
 # uses: mxschmitt/action-tmate@v3
 - name: Run the tests on ${{ matrix.distro }}
-- 
cgit v1.2.3-74-g34f1