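---
# CodeQL static analysis for every language in this repository.
#
# Layout:
#   - c-cpp, java-kotlin and csharp are traced through an in-job manual build
#     (core library first, then the language binding on top of it);
#   - go is built by CodeQL's autobuild;
#   - python is extracted from source and needs no compiler trace, but the
#     original binding build is kept so the job's side effects are unchanged.
#
# Every job declares only the token scopes it needs (see `permissions`).
name: "CodeQL Security Analysis"

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]
  schedule:
    # Weekly scan at 02:30 UTC on Mondays so newly shipped queries are applied
    # even when no commit has landed.
    - cron: '30 2 * * 1'
  workflow_dispatch:

# A newer run on the same ref supersedes an in-flight one, so a burst of pushes
# does not queue several long native builds.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-wide default: no token scopes. Each job below opts in to exactly what
# it needs, so a job added later without a `permissions` block gets nothing
# rather than the repository's default (possibly write-all) token.
permissions: {}

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    # Generous ceiling: the native builds plus database creation for the
    # compiled languages can be slow.
    timeout-minutes: 360

    permissions:
      security-events: write  # upload SARIF results to code scanning
      contents: read          # checkout
      actions: read           # read workflow status (required on private repos)

    defaults:
      run:
        # Explicit bash adds `-o pipefail` to the implicit `-e`, so a failing
        # command inside a pipeline fails the step instead of being masked.
        shell: bash

    strategy:
      # One language failing must not cancel the other matrix legs.
      fail-fast: false
      matrix:
        include:
          - language: c-cpp
            build-mode: manual
          - language: go
            build-mode: autobuild
          - language: python
            build-mode: none   # extracted from source; nothing to trace
          - language: java-kotlin
            build-mode: manual
          - language: csharp
            build-mode: manual

    steps:
      - name: Checkout repository
        # NOTE(review): actions are pinned by major tag. Pinning to a full
        # commit SHA would remove the trust placed in the tag not being moved.
        uses: actions/checkout@v6
        with:
          # Presumably the native builds below consume submodule sources;
          # confirm, and drop this if they do not, since it widens what code
          # a pull request can pull into the runner.
          submodules: recursive

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          # Forward the matrix value; without this the `build-mode` entries
          # above are never read by the action.
          build-mode: ${{ matrix.build-mode }}
          config-file: ./.github/codeql/codeql-config.yml
          # `security-and-quality` is a superset of `security-extended`;
          # listing both is harmless but redundant.
          queries: +security-extended,security-and-quality

      # Every language except Go builds and installs the core library first;
      # the per-language bindings below link against the installed copy.
      - name: Build and install core library
        if: matrix.language != 'go'
        run: |
          sudo apt-get update
          sudo apt-get install -y cmake build-essential
          mkdir -p build
          cd build
          cmake -DCMAKE_BUILD_TYPE=Release ..
          make -j"$(nproc)"
          sudo make install
          sudo ldconfig

      - name: Build C++ bindings
        if: matrix.language == 'c-cpp'
        run: |
          mkdir -p bindings/cpp/build
          cd bindings/cpp/build
          cmake -DCMAKE_BUILD_TYPE=Release ..
          make -j"$(nproc)"

      - name: Build Python bindings
        if: matrix.language == 'python'
        run: |
          # Package lists were refreshed in the core-library step.
          sudo apt-get install -y python3-dev python3-pip
          cd bindings/python
          # NOTE(review): these PyPI installs are unpinned and unhashed, so the
          # build consumes whatever is current at run time. Consider a pinned
          # requirements file with `--require-hashes`.
          pip3 install --upgrade pip setuptools wheel
          pip3 install cython numpy
          pip3 install -e .

      - name: Setup Java
        if: matrix.language == 'java-kotlin'
        uses: actions/setup-java@v5
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Build Java bindings
        if: matrix.language == 'java-kotlin'
        run: |
          cd bindings/java
          # JNI layer
          mkdir -p build
          cd build
          cmake -DCMAKE_BUILD_TYPE=Release ..
          make -j"$(nproc)"
          cd ..
          # Java sources via the checked-in Gradle wrapper.
          # NOTE(review): the wrapper jar is executed as-is; a wrapper
          # checksum validation step would detect a tampered jar.
          chmod +x gradlew
          ./gradlew build -x test

      - name: Setup .NET
        if: matrix.language == 'csharp'
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'

      - name: Build C# bindings
        if: matrix.language == 'csharp'
        run: |
          cd bindings/csharp
          # Native wrapper
          mkdir -p build
          cd build
          cmake -DCMAKE_BUILD_TYPE=Release ..
          make -j"$(nproc)"
          cd ..
          # Managed code
          dotnet restore LibLpm.sln
          dotnet build LibLpm.sln --configuration Release --no-restore

      - name: Autobuild
        if: matrix.language == 'go'
        uses: github/codeql-action/autobuild@v4

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          # One category per language so each matrix leg uploads its own
          # result set instead of overwriting the others.
          category: "/language:${{ matrix.language }}"

  summary:
    name: Analysis Summary
    runs-on: ubuntu-latest
    needs: analyze
    if: always()
    # Inherits the empty workflow-level permissions: this job only echoes.
    steps:
      - name: Check status
        # The value is one of success/failure/cancelled/skipped, so it is not
        # attacker-controlled; routing it through `env` is still the habit
        # that keeps `${{ }}` out of shell text.
        env:
          ANALYZE_RESULT: ${{ needs.analyze.result }}
        run: |
          echo "CodeQL analysis completed"
          echo "Status: ${ANALYZE_RESULT}"
          # NOTE(review): this step never exits non-zero, so the job always
          # passes and cannot serve as a required status check on its own.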