Configure CMake to use CodeQL's compiler wrapper #39
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: "CodeQL - Analyze (C++, Python, Actions)" | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| schedule: | |
| - cron: '0 3 * * 0' # weekly (UTC) — adjust as needed | |
| workflow_dispatch: | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| env: | |
| BUILD_TYPE: RelWithDebInfo | |
| CPP_COMPILER: g++ | |
| CODEQL_EXTRACTOR_CPP_COMPILATION_DATABASE: ${{ github.workspace }}/compile_commands.json | |
| CODEQL_ACTION_RUN_AUTOBUILD: false | |
| jobs: | |
| codeql: | |
| name: Analyze with CodeQL | |
| runs-on: ubuntu-24.04 | |
| container: | |
| image: ghcr.io/framework-r-d/phlex-ci:latest | |
| strategy: | |
| fail-fast: false | |
| matrix: # Necessry to disable yaml-language-server warning | |
| single-run: [ true ] | |
| timeout-minutes: 120 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: phlex-src | |
| fetch-depth: 0 | |
| - name: Setup build environment | |
| uses: ./phlex-src/.github/actions/setup-build-env | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 | |
| with: | |
| languages: cpp, python, actions | |
| config-file: phlex-src/.github/codeql/codeql-config.yml | |
| source-root: phlex-src | |
| build-mode: manual | |
| - name: Capture CodeQL compiler wrapper | |
| shell: bash | |
| run: | | |
| if [ -n "${CODEQL_EXTRACTOR_CPP_CC:-}" ]; then | |
| echo "Using CodeQL compiler wrapper: ${CODEQL_EXTRACTOR_CPP_CC}" | |
| echo "CPP_COMPILER=${CODEQL_EXTRACTOR_CPP_CC}" >> "$GITHUB_ENV" | |
| else | |
| echo "CODEQL_EXTRACTOR_CPP_CC not set; keeping default compiler: ${CPP_COMPILER:-g++}" | |
| fi | |
| - name: Configure CMake | |
| uses: ./phlex-src/.github/actions/configure-cmake | |
| with: | |
| build-type: ${{ env.BUILD_TYPE }} | |
| cpp-compiler: ${{ env.CPP_COMPILER }} | |
| - name: Build | |
| uses: ./phlex-src/.github/actions/build-cmake | |
| - name: Verify compile_commands.json and publish for diagnostics | |
| run: | | |
| set -euo pipefail | |
| echo "Looking for compile_commands.json in common build locations..." | |
| # Prefer phlex-src/build/compile_commands.json | |
| if [ -f "$GITHUB_WORKSPACE/phlex-src/build/compile_commands.json" ]; then | |
| echo "Found phlex-src/build/compile_commands.json" | |
| cp "$GITHUB_WORKSPACE/phlex-src/build/compile_commands.json" "$GITHUB_WORKSPACE/" | |
| elif [ -f "$GITHUB_WORKSPACE/phlex-build/compile_commands.json" ]; then | |
| echo "Found phlex-build/compile_commands.json" | |
| cp "$GITHUB_WORKSPACE/phlex-build/compile_commands.json" "$GITHUB_WORKSPACE/" | |
| else | |
| echo "No compile_commands.json found in phlex-src/build or phlex-build; continuing." | |
| fi | |
| if [ -f "$GITHUB_WORKSPACE/compile_commands.json" ]; then | |
| echo "Beginning of \$GITHUB_WORKSPACE/compile_commands.json (for debugging):" | |
| head -n 20 "$GITHUB_WORKSPACE/compile_commands.json" | |
| else | |
| echo " \$GITHUB_WORKSPACE/compile_commands.json not found!" | |
| echo "Workspace listing:" | |
| ls -la "$GITHUB_WORKSPACE" || true | |
| echo "Attempting to locate compile_commands.json for debug:" | |
| find "$GITHUB_WORKSPACE" -type f -name compile_commands.json | |
| exit 1 | |
| fi | |
| # Run CodeQL analysis (uploads results to code scanning) | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 | |
| with: | |
| category: "CodeQL" | |
| output: codeql-results.sarif |
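Review bot: The job runs inside `image: ghcr.io/framework-r-d/phlex-ci:latest` (the `container:` block under `jobs.codeql`), a mutable tag, so the toolchain that produces the compile database CodeQL analyses can change between runs without any change in this repository; pin it by digest (`image: ghcr.io/framework-r-d/phlex-ci@sha256:<digest-placeholder>`) and bump it deliberately. The same applies, less urgently, to `actions/checkout@v4` and `github/codeql-action/init@v4` / `analyze@v4`, which resolve through a movable tag rather than a commit SHA. In the "Capture CodeQL compiler wrapper" step, `CODEQL_EXTRACTOR_CPP_CC` is appended to `$GITHUB_ENV` with a plain `echo`; because the value is a path produced by the preceding init step in the same job this is acceptable, but a short comment such as `# value is set by github/codeql-action/init in this job, not taken from user input` would make the trust boundary explicit for the next reader. That step also omits the `set -euo pipefail` that the verify step uses, so a failed write to `$GITHUB_ENV` would go unnoticed; adding the same line keeps the two shell steps consistent, and the `matrix:` comment has a typo (`Necessry`).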