enso/.github/workflows/codeql-analysis.yml

87 lines
2.5 KiB
YAML
Raw Normal View History

2020-07-01 18:17:24 +03:00
name: "CodeQL"
on:
2020-07-02 18:23:34 +03:00
push:
branches:
- main
- "release/*"
2020-07-01 18:17:24 +03:00
pull_request:
branches:
- "*"
env:
# Please ensure that this is in sync with graalAPIVersion in build.sbt
2020-08-28 14:03:09 +03:00
graalVersion: 20.2.0
2020-07-01 18:17:24 +03:00
javaVersion: java11
# Please ensure that this is in sync with project/build.properties
sbtVersion: 1.3.13
rustToolchain: nightly-2019-11-04
2020-07-01 18:17:24 +03:00
jobs:
vuln-scan:
name: Vulnerability Scan
runs-on: ubuntu-latest
steps:
2020-07-21 15:59:40 +03:00
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
2020-07-01 18:17:24 +03:00
2020-07-21 15:59:40 +03:00
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
2020-07-01 18:17:24 +03:00
2020-07-21 15:59:40 +03:00
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: java
2020-07-01 18:17:24 +03:00
2020-07-21 15:59:40 +03:00
# Set Up Environment
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: ${{ env.rustToolchain }}
override: true
2020-07-21 15:59:40 +03:00
- name: Setup conda
uses: s-weigand/setup-conda@v1
with:
update-conda: false
conda-channels: anaconda, conda-forge
- name: Install FlatBuffers Compiler
run: conda install --freeze-installed flatbuffers=1.12.0
- name: Setup GraalVM Environment
uses: DeLaGuardo/setup-graalvm@2.0
with:
2020-07-01 18:17:24 +03:00
graalvm-version: ${{ env.graalVersion }}.${{ env.javaVersion }}
2020-07-21 15:59:40 +03:00
- name: Set Up SBT
run: |
curl --retry 4 --retry-connrefused -fsSL -o sbt.tgz https://github.com/sbt/sbt/releases/download/v${{env.sbtVersion}}/sbt-${{env.sbtVersion}}.tgz
2020-07-01 18:17:24 +03:00
tar -xzf sbt.tgz
echo ::add-path::$GITHUB_WORKSPACE/sbt/bin/
2020-07-21 15:59:40 +03:00
# Caches
- name: Cache SBT
uses: actions/cache@v2
with:
path: |
~/.sbt
~/.ivy2/cache
~/.cache
key: ${{ runner.os }}-sbt-${{ hashFiles('**build.sbt') }}
restore-keys: ${{ runner.os }}-sbt-
2020-07-01 18:17:24 +03:00
2020-07-21 15:59:40 +03:00
# Build
- name: Bootstrap Enso project
run: sbt --no-colors bootstrap
- name: Build Enso
run: sbt --no-colors compile
2020-07-01 18:17:24 +03:00
2020-07-21 15:59:40 +03:00
# Analyse the Code
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1