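---
# CodeQL static analysis of the C/C++ sources on a macOS runner.
# Runs on pushes and pull requests to master that touch build inputs
# (sources, CMake files, vcpkg manifest, this workflow) and weekly on cron.
#
# NOTE(review): every `uses:` below references a mutable tag (@v3/@v4/@v5).
# This job holds `security-events: write`; pinning each action to a full
# commit SHA keeps a retagged release from running here unreviewed.
name: CodeQL Analysis (macos)

on:
  push:
    branches: ["master"]
    paths:
      - src/**
      - cmake/**
      - "**/CMakeLists.txt"
      - "CMakePresets.json"
      # Ignore workflow edits in general, then re-include this workflow.
      - "!.github/workflows/**"
      - .github/workflows/codeql_macos.yml
      - vcpkg.json
      - "!**/Makefile*"

  pull_request:
    branches: ["master"]
    paths:
      - src/**
      - cmake/**
      - "**/CMakeLists.txt"
      - "CMakePresets.json"
      # Ignore workflow edits in general, then re-include this workflow.
      - "!.github/workflows/**"
      - .github/workflows/codeql_macos.yml
      - vcpkg.json
      - "!**/Makefile*"

  schedule:
    - cron: '22 11 * * 0'

jobs:
  analyze-macos:
    name: "${{ matrix.ui.name }}, ${{ matrix.build.name }}, ${{ matrix.dynarec.name }}, ${{ matrix.environment.arch }}"

    runs-on: ${{ matrix.environment.runner }}

    env:
      # Directory where build-wrapper output will be placed
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory

    # Job-scoped token permissions: read-only except for uploading
    # code-scanning results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: true
      matrix:
        language: ['cpp']
        build:
          # - name: Regular
          #   preset: regular
          - name: Debug
            preset: dev_debug
            slug: -Debug
          # - name: Dev
          #   preset: development
          #   slug: -Dev
        # `new` and `qt` are passed verbatim to CMake as -D values, so they
        # are quoted to stay the strings 'on'/'off' under any YAML loader
        # (unquoted on/off are booleans in YAML 1.1).
        dynarec:
          - name: ODR
            new: 'off'
            slug: -ODR
          - name: NDR
            new: 'on'
            slug: -NDR
        ui:
          # - name: SDL GUI
          #   qt: 'off'
          #   slug: -SDL
          #   static: 'on'
          - name: Qt 5 GUI
            qt: 'on'
            slug: -Qt5
            packages: >-
              qt@5
        environment:
          - arch: x86_64
            toolchain: ./cmake/flags-gcc-x86_64.cmake
            slug: -x86_64
            runner: macos-13
          # - arch: arm64
          #   toolchain: ./cmake/llvm-macos-aarch64.cmake
          #   slug: -arm64
          #   runner: macos-14
        # exclude:
        #   - dynarec:
        #       new: 'off'
        #     environment:
        #       arch: arm64

    steps:
      # The ${{ matrix.* }} / ${{ env.* }} expressions expanded inside `run:`
      # scripts in this job all come from constants defined in this file,
      # not from event payload data.
      - name: Install dependencies
        run: >-
          brew install
          sdl2
          rtmidi
          openal-soft
          fluidsynth
          libslirp
          vde
          libserialport
          ${{ matrix.ui.packages }}

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Shallow clones should be disabled for a better relevancy of
          # analysis
          fetch-depth: 0
          # Do not leave the job token in .git/config: later steps run
          # brew-installed tools, the project build and third-party actions,
          # and no step visible here performs git operations that need it.
          persist-credentials: false

      # NOTE(review): the SonarQube Scan step at the end of this job is
      # disabled, so the build-wrapper installed here (and used in Build)
      # presumably produces output nothing consumes; kept for re-enabling.
      - name: Install Build Wrapper
        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v5

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/codeql-config.yml

      - name: Configure CMake
        run: >-
          cmake -S . -B build --preset ${{ matrix.build.preset }}
          --toolchain ${{ matrix.environment.toolchain }}
          -D NEW_DYNAREC=${{ matrix.dynarec.new }}
          -D QT=${{ matrix.ui.qt }}
          -D Qt5_ROOT=$(brew --prefix qt@5)
          -D Qt5LinguistTools_ROOT=$(brew --prefix qt@5)
          -D OpenAL_ROOT=$(brew --prefix openal-soft)
          -D LIBSERIALPORT_ROOT=$(brew --prefix libserialport)

      # The build runs between CodeQL init and analyze, wrapped by the
      # Sonar build-wrapper.
      - name: Build
        run: |
          build-wrapper-macosx-x86 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"

      # Disabled unconditionally. The intended condition is kept below.
      # NOTE(review): when re-enabled, this step hands GITHUB_TOKEN and
      # SONAR_TOKEN to a third-party action; pin that action to a commit
      # SHA first.
      - name: SonarQube Scan
        # if: matrix.build.preset == 'dev_debug' && matrix.dynarec.new == 'on' && matrix.ui.qt == 'on' && env.SONAR_TOKEN != ''
        if: false
        uses: SonarSource/sonarqube-scan-action@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          # SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
        with:
          # Consult https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/
          # for more information and options
          args: >
            --define sonar.cfamily.compile-commands=build/compile_commands.json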