cpp/openttd-patchpack/source Changeset - r26757:44253f430237

Changeset - r26757:44253f430237

Parent rev.

Child rev.

[Not reviewed]

master

0 0 2

rubidium42 - 18 months ago 2022-12-31 17:21:28
rubidium42@users.noreply.github.com

Add: enable CodeQL code scanning

As a replacement to the now deprecated LGTM(.com)

2 files changed with 88 insertions and 0 deletions:

.github/codeql/codeql-config.yml

.github/workflows/codeql.yml

0 comments (0 inline, 0 general)

.github/codeql/codeql-config.yml

➞

Show inline comments

@@ new file 100644 @@
 name: openttd
 queries:
 - uses: security-and-quality
 query-filters:
 - exclude:
     id:
     # Only feasible way is to move away from fopen; fopen_s is optional C11 and not implemented on most platforms.
     - cpp/world-writable-file-creation
     # Basically OpenTTD's coding style for adding things like ..._INVALID to enumerations
     - cpp/irregular-enum-init

.github/workflows/codeql.yml

➞

Show inline comments

@@ new file 100644 @@
 name: CodeQL
 on:
   push:
     branches:
     - master
   pull_request:
     # The branches below must be a subset of the branches above
     branches:
     - master
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
     steps:
     - name: Checkout
       uses: actions/checkout@v3
     - name: Install dependencies
       run: |
         echo "::group::Update apt"
         sudo apt-get update
         echo "::endgroup::"
         echo "::group::Install dependencies"
         sudo apt-get install -y --no-install-recommends \
           liballegro4-dev \
           libfontconfig-dev \
           libicu-dev \
           liblzma-dev \
           liblzo2-dev \
           libsdl2-dev \
           zlib1g-dev \
           # EOF
         echo "::endgroup::"
       env:
         DEBIAN_FRONTEND: noninteractive
     - name: Set number of make jobs
       run: |
         echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
         languages: cpp
         config-file: ./.github/codeql/codeql-config.yml
     - name: Autobuild
       uses: github/codeql-action/autobuild@v2
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
       with:
         category: /language:cpp
         upload: False
         output: sarif-results
     - name: Filter out table & generated code
       uses: advanced-security/filter-sarif@v1
       with:
         patterns: |
           +**/*.*
           -**/table/*.*
           -**/generated/**/*.*
         input: sarif-results/cpp.sarif
         output: sarif-results/cpp.sarif
     - name: Upload results
       uses: github/codeql-action/upload-sarif@v2
       with:
         sarif_file: sarif-results/cpp.sarif

0 comments (0 inline, 0 general)