keepassxc

1
name: "CodeQL"
2

3
on:
4
  push:
5
    branches: [ 'develop', 'release/2.7.x' ]
6
  pull_request:
7
    # The branches below must be a subset of the branches above
8
    branches: [ 'develop' ]
9
  schedule:
10
    - cron: '5 16 * * 3'
11

12
jobs:
13
  analyze:
14
    name: Analyze
15
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
16
    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
17
    permissions:
18
      actions: read
19
      contents: read
20
      security-events: write
21

22
    strategy:
23
      fail-fast: false
24
      matrix:
25
        language: [ 'cpp' ]
26
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
27
        # Use only 'java' to analyze code written in Java, Kotlin or both
28
        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
29
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
30

31
    steps:
32
    - name: Checkout repository
33
      uses: actions/checkout@v4
34

35
    - if: matrix.language == 'cpp'
36
      name: Install dependencies
37
      run: |
38
        sudo apt update
39
        sudo apt install build-essential cmake g++
40
        sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev  libqt5x11extras5-dev
41

42
    # Initializes the CodeQL tools for scanning.
43
    - name: Initialize CodeQL
44
      uses: github/codeql-action/init@v2
45
      with:
46
        languages: ${{ matrix.language }}
47
        # If you wish to specify custom queries, you can do so here or in a config file.
48
        # By default, queries listed here will override any specified in a config file.
49
        # Prefix the list here with "+" to use these queries and those in the config file.
50

51
        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
52
        queries: security-and-quality
53

54
    - if: matrix.language == 'cpp'
55
      name: Build C++
56
      run: |
57
        mkdir build && cd build
58
        cmake -DWITH_XC_ALL=ON -DWITH_TESTS=OFF ..
59
        make -j $(nproc)
60

61
    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
62
    # If this step fails, then you should remove it and run the build manually (see below)
63
    - if: matrix.language != 'cpp'
64
      name: Autobuild
65
      uses: github/codeql-action/autobuild@v2
66

67
    - name: Perform CodeQL Analysis
68
      uses: github/codeql-action/analyze@v2
69
      with:
70
        category: "/language:${{matrix.language}}"
71