Skip to content

CodeQL

CodeQL #1

name: "CodeQL"
on:
workflow_dispatch:
schedule:
# Run job every Saturday at 10:20 UTC
- cron: '20 10 * * 6'
concurrency: codeql-${{ github.ref }}
# # See: https://github.com/github/codeql-action/issues/1082
# env:
# CODEQL_ACTION_EXTRA_OPTIONS: '{"database": {"run-queries": ["--off-heap-ram=0"]}}'
jobs:
ubuntu:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift']
language: ['c-cpp']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
group: [other]
# GraphBLAS and LAGraph disabled (the runners run out of memory or
# disk space)
# group: [other, graph]
include:
- group: other
build-libs: SuiteSparse_config:AMD:COLAMD:SPEX
# - group: graph
# build-libs: GraphBLAS:LAGraph
name: CodeQL (Ubuntu, ${{ matrix.group }})
steps:
- name: checkout repository
uses: actions/checkout@v4
- name: install dependencies
run: |
sudo apt -qq update
sudo apt install -y g++ gcc autoconf automake cmake \
dvipng gfortran libgmp-dev liblapack-dev libmpfr-dev \
libopenblas-dev nvidia-cuda-dev nvidia-cuda-toolkit
- name: create empty libraries
# This is to work around a bug in nvlink.
# See: https://forums.developer.nvidia.com/t/nvlink-fatal-could-not-open-input-file-when-linking-with-empty-static-library/208517
run: |
touch empty.c
gcc -fPIC -c empty.c -oempty.o
ar rcsv libdl.a empty.o
ar rcsv librt.a empty.o
ar rcsv libpthread.a empty.o
# overwrite system libraries with "valid" empty libraries
sudo mv ./libdl.a /usr/lib/x86_64-linux-gnu/libdl.a
sudo mv ./librt.a /usr/lib/x86_64-linux-gnu/librt.a
sudo mv ./libpthread.a /usr/lib/x86_64-linux-gnu/libpthread.a
- name: initialize CodeQL
# Initialize the CodeQL tools for scanning.
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
- name: build
# The analysis with factory kernels of the GraphBLAS library is too
# extensive for the free GitHub-hosted runners. Disable them to work
# around that. That means they aren't scanned.
run: |
IFS=':'
BUILD_LIBS="${{ matrix.build-libs }}"
for lib in ${BUILD_LIBS}; do
printf " \033[0;32m==>\033[0m Building library \033[0;32m${lib}\033[0m\n"
echo "::group::Configure $lib"
cd ${GITHUB_WORKSPACE}/${lib}/build
cmake -DCMAKE_BUILD_TYPE="Release" \
-DCMAKE_INSTALL_PREFIX="${GITHUB_WORKSPACE}" \
-DBLA_VENDOR="OpenBLAS" \
-DNSTATIC=ON \
-DCOMPACT=ON \
-DSUITESPARSE_USE_CUDA=ON \
-DCUDAToolkit_INCLUDE_DIRS="/usr/include" \
..
echo "::endgroup::"
echo "::group::Build $lib"
cmake --build . --config Release
echo "::endgroup::"
done
- name: perform CodeQL analysis
uses: github/codeql-action/analyze@v3
with:
category: ${{ matrix.group }}-64
mingw32:
runs-on: windows-latest
defaults:
run:
# Use MSYS2 as default shell
shell: msys2 {0}
strategy:
# Allow other runners in the matrix to continue if some fail
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift']
language: ['c-cpp']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
group: [other]
# group: [other, graph]
include:
- group: other
build-libs: SuiteSparse_config:AMD:COLAMD:SPEX
# - group: graph
# build-libs: GraphBLAS:LAGraph
env:
CHERE_INVOKING: 1
name: CodeQL (mingw32, ${{ matrix.group }})
steps:
- name: get CPU name
shell: pwsh
run : |
Get-CIMInstance -Class Win32_Processor | Select-Object -Property Name
- name: install MSYS2 build environment
uses: msys2/setup-msys2@v2
with:
update: true
# Use pre-installed version to save disc space on partition with source.
release: false
install: >-
base-devel
mingw-w64-i686-autotools
mingw-w64-i686-cmake
mingw-w64-i686-cc
mingw-w64-i686-fc
mingw-w64-i686-openblas
mingw-w64-i686-omp
mingw-w64-i686-gmp
mingw-w64-i686-mpfr
msystem: MINGW32
- name: checkout repository
uses: actions/checkout@v4
- name: initialize CodeQL
# Initialize the CodeQL tools for scanning.
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
- name: build
# The analysis with factory kernels of the GraphBLAS library is too
# extensive for the free GitHub-hosted runners. Disable them to work
# around that. That means they aren't scanned.
run: |
BUILD_LIBS="${{ matrix.build-libs }}"
IFS=':' read -r -a libs <<< "${BUILD_LIBS}"
for lib in "${libs[@]}"; do
printf " \033[0;32m==>\033[0m Building library \033[0;32m${lib}\033[0m\n"
echo "::group::Configure $lib"
cd ${GITHUB_WORKSPACE}/${lib}/build
cmake -DCMAKE_BUILD_TYPE="Release" \
-DCMAKE_INSTALL_PREFIX="${GITHUB_WORKSPACE}" \
-DBLA_VENDOR="OpenBLAS" \
-DNSTATIC=ON \
-DCOMPACT=ON \
..
echo "::endgroup::"
echo "::group::Build $lib"
cmake --build . --config Release
echo "::endgroup::"
done
- name: perform CodeQL analysis
uses: github/codeql-action/analyze@v3
with:
category: ${{ matrix.group }}-32