mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2024-12-15 08:01:05 +08:00
GHA CI: add CodeQL scanning
This enable codebase scanning for C++ and JavaScript languages. https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning
This commit is contained in:
parent
f630d84858
commit
0f32de9d8c
13
.github/workflows/ci_ubuntu.yaml
vendored
13
.github/workflows/ci_ubuntu.yaml
vendored
@ -4,6 +4,7 @@ on: [pull_request, push]
|
||||
|
||||
permissions:
|
||||
actions: write
|
||||
security-events: write
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||
@ -65,6 +66,14 @@ jobs:
|
||||
cmake --build build
|
||||
sudo cmake --install build
|
||||
|
||||
# to avoid scanning 3rdparty codebases, initialize it just before building qbt
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
if: startsWith(matrix.libt_version, 2) && (matrix.qbt_gui == 'GUI=ON') && startsWith(matrix.qt_version, 6)
|
||||
with:
|
||||
config-file: ./.github/workflows/helper/codeql/cpp.yaml
|
||||
languages: cpp
|
||||
|
||||
- name: Build qBittorrent (Qt5)
|
||||
if: ${{ startsWith(matrix.qt_version, 5) }}
|
||||
run: |
|
||||
@ -104,6 +113,10 @@ jobs:
|
||||
cmake --build build --target check
|
||||
DESTDIR="qbittorrent" cmake --install build
|
||||
|
||||
- name: Run CodeQL analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
if: startsWith(matrix.libt_version, 2) && (matrix.qbt_gui == 'GUI=ON') && startsWith(matrix.qt_version, 6)
|
||||
|
||||
- name: Prepare build artifacts
|
||||
run: |
|
||||
mkdir upload
|
||||
|
12
.github/workflows/ci_webui.yaml
vendored
12
.github/workflows/ci_webui.yaml
vendored
@ -2,7 +2,8 @@ name: CI - WebUI
|
||||
|
||||
on: [pull_request, push]
|
||||
|
||||
permissions: {}
|
||||
permissions:
|
||||
security-events: write
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||
@ -36,3 +37,12 @@ jobs:
|
||||
run: |
|
||||
npm run format
|
||||
git diff --exit-code
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
config-file: ./.github/workflows/helper/codeql/js.yaml
|
||||
languages: javascript
|
||||
|
||||
- name: Run CodeQL analysis
|
||||
uses: github/codeql-action/analyze@v2
|
||||
|
14
.github/workflows/helper/codeql/cpp.yaml
vendored
Normal file
14
.github/workflows/helper/codeql/cpp.yaml
vendored
Normal file
@ -0,0 +1,14 @@
|
||||
name: "CodeQL config for C++"
|
||||
|
||||
queries:
|
||||
- uses: security-and-quality
|
||||
|
||||
query-filters:
|
||||
- exclude:
|
||||
id: cpp/commented-out-code
|
||||
- exclude:
|
||||
id: cpp/include-non-header
|
||||
- exclude:
|
||||
id: cpp/loop-variable-changed
|
||||
- exclude:
|
||||
id: cpp/useless-expression
|
11
.github/workflows/helper/codeql/js.yaml
vendored
Normal file
11
.github/workflows/helper/codeql/js.yaml
vendored
Normal file
@ -0,0 +1,11 @@
|
||||
name: "CodeQL config for Javascript"
|
||||
|
||||
paths-ignore:
|
||||
- "**/lib/*"
|
||||
|
||||
queries:
|
||||
- uses: security-and-quality
|
||||
|
||||
query-filters:
|
||||
- exclude:
|
||||
id: js/superfluous-trailing-arguments
|
Loading…
Reference in New Issue
Block a user