diff --git a/.github/workflows/Build.yml b/.github/workflows/Build.yml
index a572545e25..8e7300cdc3 100644
--- a/.github/workflows/Build.yml
+++ b/.github/workflows/Build.yml
@@ -14,6 +14,7 @@ env:
 jobs:
 build-linux:
+ if: ${{ false }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
@@ -123,6 +124,7 @@ jobs:
 run: docker rm -f kphp-build-container-${{matrix.os}}
 build-macos:
+ if: ${{ false }}
 runs-on: ${{matrix.os}}-14
 strategy:
 matrix:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..7419ae98de
--- /dev/null
+++ b/.github/workflows/codeql.yml
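Review bot: The added `if: ${{ false }}` on `build-linux` and `build-macos` in Build.yml switches off every build and test job in that workflow, and the same line is added to the jobs in debian.yml, docs-site.yml, macos.yml and ubuntu.yml, so of the workflows touched here only the new CodeQL job still does any work on a pull request. GitHub reports a job skipped by `if` as successful, so if any of these jobs are required status checks on the protected branch, pull requests would satisfy them without a build or test having run. If the gating is only there to iterate on codeql.yml, it should be dropped before merge, or at least be marked on each job with a comment such as `# TEMPORARY: disabled while bringing up codeql.yml, remove before merge`. The job bodies continue outside the hunks.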
@@ -0,0 +1,76 @@
+name: CodeQL
+
+on:
+ pull_request:
+ branches: [ "master" ]
+
+env:
+ kphp_root_dir: /home/kitten/kphp
+ kphp_polyfills_dir: /home/kitten/kphp/kphp-polyfills
+ kphp_build_dir: /home/kitten/kphp/build
+
+jobs:
+ analyze:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - os: buster
+ compiler: g++
+ cpp: 17
+ asan: off
+ ubsan: off
+
+ permissions:
+ security-events: write
+ packages: read
+ actions: read
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: cpp
+
+ - name: Cache docker image
+ uses: actions/cache@v4
+ id: docker-image-cache
+ with:
+ path: kphp-build-env-${{matrix.os}}.tar
+ key: docker-image-cache-${{matrix.os}}-${{ hashFiles('.github/workflows/Dockerfile.*', 'tests/python/requirements.txt') }}
+
+ - name: Build and save docker image
+ if: steps.docker-image-cache.outputs.cache-hit != 'true'
+ run: |
+ docker build -f $GITHUB_WORKSPACE/.github/workflows/Dockerfile.${{matrix.os}} $GITHUB_WORKSPACE \
+ -t kphp-build-img-${{matrix.os}} \
+ --cache-from=type=local,src=kphp-build-img-${{matrix.os}}-cache
+ docker tag kphp-build-img-${{matrix.os}} kphp-build-img-${{matrix.os}}-cache
+ docker save kphp-build-img-${{matrix.os}}-cache -o kphp-build-env-${{matrix.os}}.tar
+
+ - name: Load docker image from cache
+ if: steps.docker-image-cache.outputs.cache-hit == 'true'
+ run: docker load --input kphp-build-env-${{matrix.os}}.tar
+
+ - name: Start docker container
+ run: |
+ docker run -dt --name kphp-build-container-${{matrix.os}} kphp-build-img-${{matrix.os}}-cache
+ docker cp $GITHUB_WORKSPACE/. kphp-build-container-${{matrix.os}}:${{env.kphp_root_dir}}
+
+ - name: Add git safe directory
+ run: docker exec kphp-build-container-${{matrix.os}} bash -c
+ "git config --global --add safe.directory '*'"
+ # This command is used to address potential issues with Git's safe directory feature.
+ # By setting '*' as a safe directory, we allow Git operations to proceed without errors
+ # related to directory safety, ensuring smooth execution of the submodules updating.
+
+ - name: Build all
+ run: docker exec kphp-build-container-${{matrix.os}} bash -c
+ "cmake -DCMAKE_CXX_COMPILER=${{matrix.compiler}} -DCMAKE_CXX_STANDARD=${{matrix.cpp}} -DADDRESS_SANITIZER=${{matrix.asan}} -DUNDEFINED_SANITIZER=${{matrix.ubsan}} -DPDO_DRIVER_MYSQL=ON -DPDO_DRIVER_PGSQL=ON -DPDO_LIBS_STATIC_LINKING=OFF -S ${{env.kphp_root_dir}} -B ${{env.kphp_build_dir}} && make -C ${{env.kphp_build_dir}} -j$(nproc) all"
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
\ No newline at end of file
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 51cd7fd607..2817fb6c0c 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -12,6 +12,7 @@ env:
 jobs:
 build-linux:
+ if: ${{ false }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
diff --git a/.github/workflows/docs-site.yml b/.github/workflows/docs-site.yml
index b07843a1b1..c2909381e3 100644
--- a/.github/workflows/docs-site.yml
+++ b/.github/workflows/docs-site.yml
@@ -27,6 +27,7 @@ env:
 jobs: # Build job
 build:
+ if: ${{ false }}
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
@@ -39,7 +40,7 @@ jobs:
 with:
 path: docs-build-env.tar
 key: docs-docker-image-cache-${{ hashFiles('.github/workflows/Dockerfile.docs') }}
-
+
 - name: Build and save docker image
 if: steps.docker-image-cache.outputs.cache-hit != 'true'
 run: |
@@ -48,11 +49,11 @@ jobs:
 --cache-from=type=local,src=docs-build-img-cache
 docker tag docs-build-img docs-build-img-cache
 docker save docs-build-img-cache -o docs-build-env.tar
-
+
 - name: Load docker image from cache
 if: steps.docker-image-cache.outputs.cache-hit == 'true'
 run: docker load --input docs-build-env.tar
-
+
 - name: Start docker container
 run: |
 docker run -dt --name docs-build-container docs-build-img-cache
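Review bot: In codeql.yml the C++ build that CodeQL has to observe runs through `docker exec` inside `kphp-build-container-${{matrix.os}}` (step "Build all"), while `github/codeql-action/init` and `analyze` run on the runner host, so the compiler invocations are most likely never traced and the analysis would end with no source code seen during the build. For a compiled language the CodeQL tooling has to run in the same container as the build: either run the job in the build image through a job-level `container:`, or install the CodeQL CLI in the image and create and analyze the database there. The workflow also triggers only on `pull_request`; adding `push:` with `branches: [ "master" ]` gives code scanning a default-branch baseline to compare pull-request alerts against. The step "Add git safe directory" turns off Git's ownership check for every path in the container with `'*'`; listing `${{env.kphp_root_dir}}` and the submodule paths keeps the check for everything else. The three actions are referenced by mutable tags (`@v4`, `@v3`); pinning each to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from running in a job that holds `security-events: write`.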
@@ -61,10 +62,10 @@ jobs:
 - name: Build site with Jekyll
 run: docker exec docs-build-container bash -c "cd /home/kitten/docs && bundle install && bundle exec jekyll build --baseurl ${{env.DOCS_SITE_BASE_URL}} --source /home/kitten/docs --destination /home/kitten/docs/_site --trace"
-
+
 - name: Prepare artifacts
 run: docker cp docs-build-container:/home/kitten/docs/_site $GITHUB_WORKSPACE/ && tree $GITHUB_WORKSPACE/_site
-
+
 - name: Upload artifact
 uses: actions/upload-pages-artifact@v3
 with:
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 8575f7ffb7..d11080b090 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -10,6 +10,7 @@ env:
 jobs:
 build-macos:
+ if: ${{ false }}
 runs-on: ${{matrix.os}}-14
 strategy:
 matrix:
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index 863f2aba03..7e76e5b316 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -12,6 +12,7 @@ env:
 jobs:
 build-linux:
+ if: ${{ false }}
 runs-on: ubuntu-latest
 strategy:
 matrix: