Skip to content

Commit

Permalink
ci: use CodeQL instead of LGTM
Browse files Browse the repository at this point in the history
As LGTM is going to be shut down by EOY[0], let's move the code scanning to
CodeQL as recommended. Thanks to GH integration the results from such
scans will be shown both in the respective PR and in the Security ->
Code Scanning tab[1].

[0] https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/
[1] https://github.com/systemd/python-systemd/security/code-scanning
  • Loading branch information
mrc0mmand committed Sep 15, 2022
1 parent 47b7ede commit f87568a
Showing 1 changed file with 56 additions and 0 deletions.
56 changes: 56 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
---
# vi: ts=2 sw=2 et:
#
name: "CodeQL"

on:
push:
branches:
- master
pull_request:
branches:
- master

permissions:
contents: read

jobs:
analyze:
name: Analyze
runs-on: ubuntu-22.04
concurrency:
group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
cancel-in-progress: true
permissions:
actions: read
security-events: write

strategy:
fail-fast: false
matrix:
language: ['cpp']

steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: +security-extended,security-and-quality

- name: Install dependencies
run: |
sudo apt -y update
sudo apt -y install docbook-xsl gcc libglib2.0-dev xsltproc meson
# Don't use github/codeql-action/autobuild, so we can check the test server as well
- name: Build
run: |
set -ex
meson -Ddfuzzer-test-server=true build
ninja -C ./build -v
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

0 comments on commit f87568a

Please sign in to comment.