2020-07-01 18:17:24 +03:00
|
|
|
name: "CodeQL"
|
|
|
|
|
2020-10-22 17:12:28 +03:00
|
|
|
# CodeQL is temporarily disabled because it seems that it is unable to discover
|
|
|
|
# code compiled with SBT.
|
2020-07-01 18:17:24 +03:00
|
|
|
on:
|
2020-07-02 18:23:34 +03:00
|
|
|
push:
|
2020-10-22 17:12:28 +03:00
|
|
|
branches-ignore:
|
|
|
|
- "**"
|
|
|
|
# branches:
|
|
|
|
# - main
|
|
|
|
# - "release/*"
|
2020-07-01 18:17:24 +03:00
|
|
|
pull_request:
|
2020-10-22 17:12:28 +03:00
|
|
|
branches-ignore:
|
|
|
|
- "**"
|
|
|
|
# branches:
|
|
|
|
# - "*"
|
2020-07-01 18:17:24 +03:00
|
|
|
|
|
|
|
env:
|
2020-10-21 17:48:05 +03:00
|
|
|
# Please ensure that this is in sync with graalVersion in build.sbt
|
2022-02-11 19:05:13 +03:00
|
|
|
graalVersion: 21.3.0
|
2020-10-21 17:48:05 +03:00
|
|
|
# Please ensure that this is in sync with javaVersion in build.sbt
|
|
|
|
javaVersion: 11
|
2020-07-01 18:17:24 +03:00
|
|
|
# Please ensure that this is in sync with project/build.properties
|
2021-05-14 15:08:39 +03:00
|
|
|
sbtVersion: 1.5.2
|
2020-10-21 17:48:05 +03:00
|
|
|
# Please ensure that this is in sync with rustVersion in build.sbt
|
2021-12-01 18:06:57 +03:00
|
|
|
rustToolchain: nightly-2021-11-29
|
2020-07-01 18:17:24 +03:00
|
|
|
|
|
|
|
jobs:
|
|
|
|
vuln-scan:
|
|
|
|
name: Vulnerability Scan
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
|
|
|
steps:
|
2020-07-21 15:59:40 +03:00
|
|
|
- name: Checkout repository
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
with:
|
|
|
|
# We must fetch at least the immediate parents so that if this is
|
|
|
|
# a pull request then we can checkout the head.
|
|
|
|
fetch-depth: 2
|
2020-07-01 18:17:24 +03:00
|
|
|
|
2020-07-21 15:59:40 +03:00
|
|
|
# If this run was triggered by a pull request event, then checkout
|
|
|
|
# the head of the pull request instead of the merge commit.
|
|
|
|
- run: git checkout HEAD^2
|
|
|
|
if: ${{ github.event_name == 'pull_request' }}
|
2020-07-01 18:17:24 +03:00
|
|
|
|
2020-07-21 15:59:40 +03:00
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
|
|
- name: Initialize CodeQL
|
|
|
|
uses: github/codeql-action/init@v1
|
|
|
|
with:
|
|
|
|
languages: java
|
2020-07-01 18:17:24 +03:00
|
|
|
|
2020-07-21 15:59:40 +03:00
|
|
|
# Set Up Environment
|
2020-08-03 17:00:12 +03:00
|
|
|
- name: Install Rust
|
2020-10-21 17:48:05 +03:00
|
|
|
uses: actions-rs/toolchain@v1.0.6
|
2020-08-03 17:00:12 +03:00
|
|
|
with:
|
|
|
|
toolchain: ${{ env.rustToolchain }}
|
|
|
|
override: true
|
2020-07-21 15:59:40 +03:00
|
|
|
- name: Setup conda
|
2020-10-21 17:48:05 +03:00
|
|
|
uses: s-weigand/setup-conda@v1.0.5
|
2020-07-21 15:59:40 +03:00
|
|
|
with:
|
|
|
|
update-conda: false
|
|
|
|
conda-channels: anaconda, conda-forge
|
|
|
|
- name: Install FlatBuffers Compiler
|
|
|
|
run: conda install --freeze-installed flatbuffers=1.12.0
|
|
|
|
- name: Setup GraalVM Environment
|
2020-10-21 17:48:05 +03:00
|
|
|
uses: ayltai/setup-graalvm@v1
|
2020-07-21 15:59:40 +03:00
|
|
|
with:
|
2020-10-21 17:48:05 +03:00
|
|
|
graalvm-version: ${{ env.graalVersion }}
|
|
|
|
java-version: ${{ env.javaVersion }}
|
2020-07-21 15:59:40 +03:00
|
|
|
- name: Set Up SBT
|
|
|
|
run: |
|
2020-10-01 12:37:46 +03:00
|
|
|
curl --retry 4 --retry-connrefused -fsSL -o sbt.tgz https://github.com/sbt/sbt/releases/download/v${{env.sbtVersion}}/sbt-${{env.sbtVersion}}.tgz
|
2020-07-01 18:17:24 +03:00
|
|
|
tar -xzf sbt.tgz
|
2020-10-21 17:48:05 +03:00
|
|
|
echo $GITHUB_WORKSPACE/sbt/bin/ >> $GITHUB_PATH
|
2020-07-01 18:17:24 +03:00
|
|
|
|
2020-07-21 15:59:40 +03:00
|
|
|
# Caches
|
|
|
|
- name: Cache SBT
|
|
|
|
uses: actions/cache@v2
|
|
|
|
with:
|
|
|
|
path: |
|
|
|
|
~/.sbt
|
|
|
|
~/.ivy2/cache
|
|
|
|
~/.cache
|
|
|
|
key: ${{ runner.os }}-sbt-${{ hashFiles('**build.sbt') }}
|
|
|
|
restore-keys: ${{ runner.os }}-sbt-
|
2020-07-01 18:17:24 +03:00
|
|
|
|
2020-07-21 15:59:40 +03:00
|
|
|
# Build
|
|
|
|
- name: Bootstrap Enso project
|
|
|
|
run: sbt --no-colors bootstrap
|
|
|
|
- name: Build Enso
|
|
|
|
run: sbt --no-colors compile
|
2020-07-01 18:17:24 +03:00
|
|
|
|
2020-07-21 15:59:40 +03:00
|
|
|
# Analyse the Code
|
|
|
|
- name: Perform CodeQL Analysis
|
|
|
|
uses: github/codeql-action/analyze@v1
|