Cpp optis #597
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: '0 6 * * 1' # Run weekly on Mondays | |
| jobs: | |
| analyze: | |
| name: Analyze (${{ matrix.language }}) | |
| runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | |
| timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} | |
| permissions: | |
| security-events: write | |
| packages: read | |
| actions: read | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - language: c-cpp | |
| build-mode: autobuild | |
| - language: javascript-typescript | |
| build-mode: none | |
| - language: ruby | |
| build-mode: none | |
| # Swift requires manual build due to XCFramework dependencies | |
| - language: swift | |
| build-mode: manual | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| build-mode: ${{ matrix.build-mode }} | |
| # Manual build step for Swift | |
| - name: Build Swift Package | |
| if: matrix.language == 'swift' && matrix.build-mode == 'manual' | |
| working-directory: sdk/runanywhere-swift | |
| run: | | |
| echo "=== Setting up Swift build environment ===" | |
| # Create Binaries directory | |
| mkdir -p Binaries | |
| # Download XCFrameworks from latest release | |
| echo "Downloading XCFrameworks from GitHub releases..." | |
| # Get the latest release tag | |
| LATEST_TAG=$(gh release list --limit 1 --json tagName -q '.[0].tagName' 2>/dev/null || echo "v0.16.0-test.39") | |
| echo "Using release: $LATEST_TAG" | |
| # Download iOS frameworks | |
| gh release download "$LATEST_TAG" \ | |
| --pattern "RACommons-ios-*.zip" \ | |
| --pattern "RABackendLLAMACPP-ios-*.zip" \ | |
| --pattern "RABackendONNX-ios-*.zip" \ | |
| --dir ./downloads/ 2>/dev/null || { | |
| echo "Could not download from release, using placeholder frameworks" | |
| # Create minimal placeholder frameworks for CodeQL analysis | |
| mkdir -p Binaries/RACommons.xcframework/ios-arm64 | |
| mkdir -p Binaries/RABackendLLAMACPP.xcframework/ios-arm64 | |
| mkdir -p Binaries/RABackendONNX.xcframework/ios-arm64 | |
| touch Binaries/RACommons.xcframework/Info.plist | |
| touch Binaries/RABackendLLAMACPP.xcframework/Info.plist | |
| touch Binaries/RABackendONNX.xcframework/Info.plist | |
| } | |
| # Extract frameworks if downloaded | |
| if [ -d downloads ]; then | |
| for zip in downloads/*.zip; do | |
| if [ -f "$zip" ]; then | |
| echo "Extracting $zip..." | |
| unzip -q -o "$zip" -d Binaries/ | |
| fi | |
| done | |
| fi | |
| echo "=== Binaries directory contents ===" | |
| ls -la Binaries/ || echo "Binaries directory empty" | |
| # Build the Swift package | |
| echo "=== Building Swift package ===" | |
| swift build -v 2>&1 || { | |
| echo "Swift build failed, but continuing for CodeQL analysis" | |
| # Even if build fails, CodeQL can still analyze source files | |
| exit 0 | |
| } | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/language:${{ matrix.language }}" |