forked from sandboxie-plus/Sandboxie
codeql.yml
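# CodeQL code-scanning workflow: triggers, concurrency and shared environment.
name: "CodeQL"

on:
  # Manual runs from the Actions tab.
  workflow_dispatch:
  # NOTE(review): both jobs in this file gate on pull_request,
  # workflow_dispatch or schedule, so a run started by this push trigger
  # skips every job. master is therefore analysed only by the weekly
  # schedule or a manual dispatch.
  push:
    branches: [master]
    paths:
      - '**.c'
      - '**.cpp'
      - '**.h'
      - '**.hpp'
      - '**.def'
      - '**.rc'
      - '**.idl'
      - '**.sln'
      - '**.vcxproj'
      - '**.vcxproj.filters'
      - '**.props'
  # NOTE(review): the path filter lists only C/C++ sources and project files.
  # A pull request that changes nothing but workflow YAML or
  # JavaScript/TypeScript does not start this workflow, although the
  # analyze-other job scans exactly those languages; such changes are first
  # scanned by the next scheduled or manual run. Confirm this gap is intended.
  pull_request:
    types: [opened, reopened, synchronize]
    branches: [master]
    paths:
      - '**.c'
      - '**.cpp'
      - '**.h'
      - '**.hpp'
      - '**.def'
      - '**.rc'
      - '**.idl'
      - '**.sln'
      - '**.vcxproj'
      - '**.vcxproj.filters'
      - '**.props'
  # Weekly full scan, Saturday 07:33 UTC.
  schedule:
    - cron: '33 7 * * 6'

# Default-deny for the workflow token. Every job below declares the scopes it
# needs, so this changes nothing today; it keeps a job added later without a
# permissions block from inheriting the repository default.
permissions: {}

concurrency:
  # The event name is part of the group so that a push to master (whose run
  # skips every job) does not share a group with, and cancel, an in-progress
  # scheduled or manually dispatched scan of the same ref. Pull-request runs
  # are still grouped per PR number, so a new commit cancels the stale run.
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  CODEQL_ACTION_FILE_COVERAGE_ON_PRS: true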
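# NOTE(review): every `uses:` below references a mutable tag. The jobs hold
# `security-events: write` and two of the actions are third-party
# (microsoft/setup-msbuild, jurplel/install-qt-action). Consider pinning each
# one to a reviewed commit, in the form
#   uses: OWNER/ACTION@<full-commit-sha>  # vN
# so a re-pointed tag cannot change what runs here.
jobs:
  # Builds the C/C++ tree under the CodeQL tracer and uploads the results.
  analyze-cpp:
    name: Analyze (C/C++)
    # `push` is not listed, so push-triggered runs skip this job.
    if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
    runs-on: windows-2022
    timeout-minutes: 60
    # Least privilege: read access plus the one write scope needed to upload
    # code-scanning results.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          clean: true
          # The steps below run scripts and project files from the checked-out
          # tree, which on pull_request is the contributor's code. Do not leave
          # the job token configured for git where those steps could read it.
          # No step visible in this workflow runs git against the remote;
          # confirm the .cmd scripts do not either.
          persist-credentials: false

      - name: Initialize CodeQL (C/C++)
        uses: github/codeql-action/init@v4
        with:
          languages: c-cpp
          # manual: the database is built from the explicit build steps below.
          build-mode: manual
          config-file: ./.github/codeql/codeql-config.yml

      # buildVariables.cmd comes from the checked-out tree, so on pull_request
      # its content (and the qt6_version it exports) is PR-controlled. The
      # value is used only as the `version` input of the Qt install step.
      - name: Load Variables from buildVariables.cmd
        id: vars
        shell: cmd
        run: |
          @echo on
          call "${{ github.workspace }}\Installer\buildVariables.cmd" build_qt6
          echo qt6_version=%qt6_version% >> "%GITHUB_OUTPUT%"

      - name: Setup msbuild
        uses: microsoft/setup-msbuild@v3

      - name: Install Qt6 x64
        uses: jurplel/install-qt-action@v4
        with:
          version: ${{ steps.vars.outputs.qt6_version }}
          arch: 'win64_msvc2022_64'
          tools: 'tools_opensslv3_x64'
          cache: true

      # From here on, the steps execute repository-supplied scripts and
      # solutions.
      - name: Installing Jom
        run: SandboxiePlus\install_jom.cmd

      - name: Build Sandboxie x86 (DLLs & svc)
        run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8

      - name: Build Sandboxie x64 (all)
        run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=x64 -maxcpucount:8

      - name: Build Sandboxie x64 (drv)
        run: msbuild /t:build Sandboxie\SandboxDrv.sln /p:Configuration="SbieRelease" /p:Platform=x64 -maxcpucount:8

      - name: Build Sandboxie-Plus x64
        run: SandboxiePlus\qmake_plus.cmd x64 build_qt6

      - name: Build SbieShell x64
        run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=x64

      - name: Build Sandboxie-Tools x64
        run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x64 -maxcpucount:8

      - name: Perform CodeQL Analysis (C/C++)
        uses: github/codeql-action/analyze@v4
        with:
          # The category keeps this upload separate from the other languages.
          category: "/language:c-cpp"

  # Scans the languages that need no build step: workflow files (`actions`)
  # and JavaScript/TypeScript. One matrix leg per language.
  analyze-other:
    name: Analyze
    # Same event gate as analyze-cpp; push-triggered runs skip this job too.
    if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
    runs-on: ubuntu-latest
    timeout-minutes: 60
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      # A failure in one language must not cancel the scan of the other.
      fail-fast: false
      matrix:
        language: [ actions, javascript-typescript ]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step in this job needs git credentials.
          persist-credentials: false

      - name: Initialize CodeQL (${{ matrix.language }})
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/codeql-config.yml

      - name: Perform CodeQL Analysis (${{ matrix.language }})
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{ matrix.language }}"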