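---
# CodeQL (and optional SonarQube) static analysis of the Linux build.
#
# The job installs build dependencies, checks out the repository, configures
# and builds with CMake under the Sonar build wrapper while CodeQL tracing is
# active, then uploads the CodeQL results. The SonarQube scan runs only for
# one matrix cell, and only when SONAR_TOKEN is available.
#
# NOTE(review): every `uses:` below references a mutable tag (@v3/@v4/@v5).
# For supply-chain integrity, consider pinning each action to a full commit
# SHA and keeping the tag as a trailing comment, e.g.
#   uses: actions/checkout@<full-commit-sha>  # v4
name: CodeQL Analysis (Linux)

on:
  push:
    branches: ['master']
    paths:
      - src/**
      - cmake/**
      - '**/CMakeLists.txt'
      - 'CMakePresets.json'
      - '!.github/workflows/**'
      - .github/workflows/codeql_linux.yml
      - vcpkg.json
      - '!**/Makefile*'

  # The build below compiles whatever the pull request contains, so every
  # step after checkout runs contributor-controlled build scripts.
  pull_request:
    branches: ['master']
    paths:
      - src/**
      - cmake/**
      - '**/CMakeLists.txt'
      - 'CMakePresets.json'
      - '!.github/workflows/**'
      - .github/workflows/codeql_linux.yml
      - vcpkg.json
      - '!**/Makefile*'

  schedule:
    - cron: '22 11 * * 0'

jobs:
  analyze-linux:
    name: "${{ matrix.ui.name }}, ${{ matrix.build.name }}, ${{ matrix.dynarec.name }}, ${{ matrix.environment.arch }}"

    runs-on: ubuntu-22.04

    env:
      # Directory where build-wrapper output will be placed
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory

    # Least-privilege token: read-only except for security-events, which the
    # CodeQL analyze step needs in order to upload code-scanning results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: true
      matrix:
        language: ['cpp']
        build:
          # - name: Regular
          #   preset: regular
          - name: Debug
            preset: dev_debug
            slug: '-Debug'
          # - name: Dev
          #   preset: development
          #   slug: -Dev
        # on/off are quoted so that they are strings under every YAML parser:
        # they are passed verbatim to CMake (-D NEW_DYNAREC=..., -D QT=...)
        # and compared as strings ('on') in the SonarQube step's `if:`.
        dynarec:
          - name: ODR
            new: 'off'
            slug: '-ODR'
          - name: NDR
            new: 'on'
            slug: '-NDR'
        ui:
          - name: SDL GUI
            qt: 'off'
            qt6: 'off'
            slug: '-SDL'
            static: 'on'
          - name: Qt 5 GUI
            qt: 'on'
            qt6: 'off'
            slug: '-Qt5'
            packages: >-
              qtbase5-dev
              qtbase5-private-dev
              qttools5-dev
              qttranslations5-l10n
              libevdev-dev
              libxkbcommon-x11-dev
        environment:
          # `runner` is not consumed by `runs-on` above, which is hard-coded.
          - arch: x86_64
            toolchain: ./cmake/flags-gcc-x86_64.cmake
            slug: '-x86_64'
            runner: ubuntu-22.04
          # - arch: arm64
          #   toolchain: ./cmake/flags-gcc-aarch64.cmake
          #   slug: -arm64
          #   runner: ubuntu-22.04-arm
        # exclude:
        #   - dynarec:
        #       new: off
        #     environment:
        #       arch: arm64

    steps:
      # matrix.ui.packages is only defined for the Qt UI entry; for the SDL
      # entry the expression expands to an empty string.
      - name: Install dependencies
        run: >-
          sudo apt update && sudo apt install
          build-essential
          ninja-build
          libfreetype-dev
          libsdl2-dev
          libpng-dev
          libc6-dev
          librtmidi-dev
          libopenal-dev
          libslirp-dev
          libfluidsynth-dev
          libvdeplug-dev
          libserialport-dev
          ${{ matrix.ui.packages }}

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Shallow clones should be disabled for a better relevancy of analysis
          fetch-depth: 0
          # No later step pushes or fetches with git, so do not leave the
          # workflow token in .git/config where the build scripts could read it.
          persist-credentials: false

      - name: Install Build Wrapper
        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v5

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/codeql-config.yml

      # All ${{ matrix.* }} values interpolated into the shell commands below
      # are literals defined in this file, not event or contributor data.
      - name: Configure CMake
        run: >-
          cmake -S . -B build --preset ${{ matrix.build.preset }}
          --toolchain ${{ matrix.environment.toolchain }}
          -D NEW_DYNAREC=${{ matrix.dynarec.new }}
          -D QT=${{ matrix.ui.qt }}
          -D USE_QT6=${{ matrix.ui.qt6 }}

      - name: Build
        run: |
          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"

      # Runs for a single matrix cell (dev_debug, new dynarec, Qt) and only
      # when SONAR_TOKEN is non-empty, so the step is skipped on runs that do
      # not receive repository secrets (for example pull requests from forks).
      - name: SonarQube Scan
        if: >-
          matrix.build.preset == 'dev_debug' &&
          matrix.dynarec.new == 'on' &&
          matrix.ui.qt == 'on' &&
          env.SONAR_TOKEN != ''
        # if: 0
        uses: SonarSource/sonarqube-scan-action@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          # SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
        with:
          # Consult https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
          # NOTE(review): the scanner reads build/compile_commands.json, not a
          # file under BUILD_WRAPPER_OUT_DIR - presumably the CMake preset
          # exports it; confirm.
          args: >
            --define sonar.cfamily.compile-commands=build/compile_commands.json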