owntone-server/.github/workflows/codeql-analysis.yml

name: "CodeQL"

on:
  push:
    branches:
      - master
    paths-ignore:
      - 'docs/**'
      - 'htdocs/**'
      - 'web-src/**'
  pull_request:
    branches:
      - master
    paths-ignore:
      - 'docs/**'
      - 'htdocs/**'
      - 'web-src/**'
  schedule:
    - cron: '0 19 * * 6'

jobs:
  analyse:
    name: Analyse
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        config-file: ./.github/codeql/codeql-config.yml
      # Override language selection by uncommenting this and choosing your languages
      # with:
      #   languages: go, javascript, csharp, python, cpp, java

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    #- name: Autobuild
    #  uses: github/codeql-action/autobuild@v3

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language
    - run: |
        sudo apt-get update
        sudo apt-get install -yq build-essential clang clang-tools git autotools-dev autoconf libtool gettext gawk gperf bison flex libconfuse-dev libunistring-dev libsqlite3-dev libavcodec-dev libavformat-dev libavfilter-dev libswscale-dev libavutil-dev libasound2-dev libmxml-dev libgcrypt20-dev libavahi-client-dev zlib1g-dev libevent-dev libplist-dev libsodium-dev libcurl4-openssl-dev libjson-c-dev libprotobuf-c-dev libpulse-dev libwebsockets-dev libgnutls28-dev
        autoreconf -vi
        ./configure --enable-lastfm --enable-chromecast
        scan-build --status-bugs -disable-checker deadcode.DeadStores --exclude src/parsers make

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
+								name: "CodeQL"
 								on:
 								  push:
-												[gh-actions] No compilation workflows if just docs/htdocs/web-src changed

											
										
										
											2023-10-21 17:27:47 -04:00
+								    branches:
 								      - master
 								    paths-ignore:
 								      - 'docs/**'
 								      - 'htdocs/**'
 								      - 'web-src/**'
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
+								  pull_request:
-												[gh-actions] No compilation workflows if just docs/htdocs/web-src changed

											
										
										
											2023-10-21 17:27:47 -04:00
+								    branches:
 								      - master
 								    paths-ignore:
 								      - 'docs/**'
 								      - 'htdocs/**'
 								      - 'web-src/**'
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
+								  schedule:
 								    - cron: '0 19 * * 6'
 								jobs:
 								  analyse:
 								    name: Analyse
 								    runs-on: ubuntu-latest
 								    steps:
 								    - name: Checkout repository
-												[gh-actions] Update checkout version to latest (v4)

											
										
										
											2023-10-21 16:32:35 -04:00
+								      uses: actions/checkout@v4
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
 								    # Initializes the CodeQL tools for scanning.
 								    - name: Initialize CodeQL
-												[workflow] Upgrade GitHub actions to newer versions

											
										
										
											2024-04-10 07:39:09 -04:00
+								      uses: github/codeql-action/init@v3
-												[gh-actions] Add codeql config file to exclude compiled js, html, css
											
										
										
											2020-11-21 07:04:21 -05:00
+								      with:
 								        config-file: ./.github/codeql/codeql-config.yml
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
+								      # Override language selection by uncommenting this and choosing your languages
 								      # with:
 								      #   languages: go, javascript, csharp, python, cpp, java
 								    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
 								    # If this step fails, then you should remove it and run the build manually (see below)
-												Update CodeQL analysis workflow

Don't use autobuild
											
										
										
											2020-08-11 15:34:38 -04:00
+								    #- name: Autobuild
-												[workflow] Upgrade GitHub actions to newer versions

											
										
										
											2024-04-10 07:39:09 -04:00
+								    #  uses: github/codeql-action/autobuild@v3
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
 								    # ℹ️ Command-line programs to run using the OS shell.
 								    # 📚 https://git.io/JvXDl
 								    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
 								    #    and modify them (or add more) to build your code if your project
 								    #    uses a compiled language
-												Update CodeQL analysis workflow

Don't use autobuild
											
										
										
											2020-08-11 15:34:38 -04:00
+								    - run: |
 								        sudo apt-get update
-												Update workflow files: bison/flex instead of antlr

											
										
										
											2022-01-10 16:12:28 -05:00
+								        sudo apt-get install -yq build-essential clang clang-tools git autotools-dev autoconf libtool gettext gawk gperf bison flex libconfuse-dev libunistring-dev libsqlite3-dev libavcodec-dev libavformat-dev libavfilter-dev libswscale-dev libavutil-dev libasound2-dev libmxml-dev libgcrypt20-dev libavahi-client-dev zlib1g-dev libevent-dev libplist-dev libsodium-dev libcurl4-openssl-dev libjson-c-dev libprotobuf-c-dev libpulse-dev libwebsockets-dev libgnutls28-dev
-												Update CodeQL analysis workflow

Don't use autobuild
											
										
										
											2020-08-11 15:34:38 -04:00
+								        autoreconf -vi
-												[gh-actions] Update codeql-analysis to cover more code and to use
scan-build
											
										
										
											2021-03-20 02:47:31 -04:00
+								        ./configure --enable-lastfm --enable-chromecast
-												Put bison/flex files in parsers dir, so scan-build --exclude can be used

The autogenerated files create warnings that we can't do much about, so
exclude them.

											
										
										
											2022-01-11 12:54:47 -05:00
+								        scan-build --status-bugs -disable-checker deadcode.DeadStores --exclude src/parsers make
-												Enable code scanning workflow (beta)
											
										
										
											2020-08-10 17:19:57 -04:00
 								    - name: Perform CodeQL Analysis
-												[workflow] Upgrade GitHub actions to newer versions

											
										
										
											2024-04-10 07:39:09 -04:00
+								      uses: github/codeql-action/analyze@v3