Skip to content
CodeQL Advanced

build(deps): bump actions/checkout from 4 to 5 #97

Sign in to view logs

build(deps): bump actions/checkout from 4 to 5

build(deps): bump actions/checkout from 4 to 5 #97

Workflow file for this run

.github/workflows/codeql.yml at e4412c7
---
name: 'CodeQL Advanced'
on:
push:
branches: ['main']
pull_request:
branches: ['main']
schedule:
# Run on Sunday at 23:25
- cron: '25 23 * * 0'
permissions: read-all
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: go
build-mode: autobuild
- language: javascript-typescript
build-mode: none
- language: python
build-mode: none
# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v5
# Additional steps: Python
- name: Setup python
if: ${{ matrix.language == 'python' }}
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install deps
if: ${{ matrix.language == 'python' }}
run: |
curl -SL "$( curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'browser_download_url' | grep "docker-compose-linux-$(uname -m)" | grep -v '.sha256' | sed -E 's/.*https/https/g' | sed -E 's/\"//g' | grep -vE '.json$' )" -o docker-compose
sudo mv docker-compose /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
docker-compose -f docker/compose.yaml config
- name: Install Python dependencies
if: ${{ matrix.language == 'python' }}
run: |
pip install -r ./.dagger-ci/daggerci/requirements.txt
# Copy Python files to a standard location
- name: Copy Python files to standard location
if: ${{ matrix.language == 'python' }}
run: |
# Create a standard Python project structure
mkdir -p /tmp/python-project/src
# Copy all Python files from .dagger-ci to the standard location
cp -r ./.dagger-ci/* /tmp/python-project/src/
# Create a setup.py file to make it look like a standard Python project
cat > /tmp/python-project/setup.py << 'EOF'
from setuptools import setup, find_packages
setup(
name="daggerci",
version="0.1",
packages=find_packages(where="src"),
package_dir={"": "src"}
)
EOF
# List all files in the standard location to verify
find /tmp/python-project -type f | sort
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL for not-Python
if: ${{ matrix.language != 'python' }}
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
config-file: .github/codeql/codeql-config.yml
- name: Initialize CodeQL for Python
if: ${{ matrix.language == 'python' }}
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
config-file: .github/codeql/codeql-config.yml
env:
# Extract the standard library to help with imports
CODEQL_EXTRACTOR_PYTHON_EXTRACT_STDLIB: true
# Set the Python path to include our repository
PYTHONPATH: ${{ github.workspace }}/.dagger-ci:${{ github.workspace }}
# Run a Python script that imports all modules to ensure they're analyzed
- name: Run Python imports for CodeQL
if: ${{ matrix.language == 'python' }}
run: |
# Create a script that imports all Python modules
cat > /tmp/import_all.py << 'EOF'
import os
import sys
import importlib
# Add the repository root to the Python path
repo_root = os.environ.get('GITHUB_WORKSPACE', '/home/runner/work/firmware-action/firmware-action')
sys.path.insert(0, repo_root)
# Add the .dagger-ci directory to the Python path
dagger_ci_path = os.path.join(repo_root, '.dagger-ci')
sys.path.insert(0, dagger_ci_path)
# Find all Python files in the .dagger-ci directory
for root, dirs, files in os.walk(dagger_ci_path):
for file in files:
if file.endswith('.py'):
# Convert file path to module name
rel_path = os.path.relpath(os.path.join(root, file), dagger_ci_path)
module_name = os.path.splitext(rel_path)[0].replace(os.path.sep, '.')
# Skip __init__.py files
if module_name.endswith('__init__'):
module_name = module_name[:-9]
# Try to import the module
print(f"Trying to import: {module_name}")
try:
importlib.import_module(module_name)
print(f"Successfully imported: {module_name}")
except Exception as e:
print(f"Failed to import {module_name}: {e}")
EOF
# Run the import script
PYTHONPATH=${{ github.workspace }}/.dagger-ci:${{ github.workspace }} python /tmp/import_all.py
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:${{matrix.language}}'