To silence zizmor 1.16.0 warnings.
Also:
- http3-linux: replace hard-coded workflow name with variable.
Follow-up to a8174176b5 #13841
- codeql: set `cancel-in-progress: true`.
zizmor apparently does not allow `false` in pedantic mode anymore:
https://github.com/zizmorcore/zizmor/pull/1227
- codeql: sync concurrency setting with the rest of the jobs.
(I'm not sure this is correct, or why it was previously special-cased.)
Expressions used (before and after this patch):
- `group: ${{ github.workflow }}-${{ github.event.sha }}-${{ github.event.target_url }}`
for GHA/appveyor-status.
- `group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}`
for all the rest.
Ref: https://github.com/curl/curl/actions/runs/18776245057/job/53571438139?pr=19209
Closes #19215
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# SPDX-License-Identifier: curl
name: 'CodeQL'

# Triggers: pushes to master and to any '*/ci' branch, pull requests that
# target master, and a weekly scheduled run. A push or pull request that only
# touches paths listed under paths-ignore does not start an analysis, so
# changes confined to those paths are covered by the scheduled run only.
# The key is quoted because a bare `on` is a boolean for YAML 1.1 parsers.
'on':
  push:
    branches:
      - master
      - '*/ci'
    paths-ignore:
      - '**/*.md'
      - '.circleci/**'
      - 'appveyor.*'
      - 'packages/**'
      - 'plan9/**'
      - 'projects/**'
      - 'tests/data/**'
  pull_request:
    branches:
      - master
    paths-ignore:
      - '**/*.md'
      - '.circleci/**'
      - 'appveyor.*'
      - 'packages/**'
      - 'plan9/**'
      - 'projects/**'
      - 'tests/data/**'
  schedule:
    # Weekly, at 00:00 UTC on Thursday.
    - cron: '0 0 * * 4'
# One concurrency group per workflow and pull request. Events that carry no
# pull request number (push, schedule) fall back to the commit SHA, so runs
# for different commits land in different groups and do not cancel each
# other. Within a group, cancel-in-progress lets a newer run replace the one
# still in progress, e.g. when a pull request receives another push.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

# The workflow token gets no permissions by default. Every job has to declare
# the scopes it needs in its own `permissions:` mapping.
permissions: {}
jobs:
  # Analyzes the GitHub Actions workflows and the Python code with the
  # security-extended query suite. No build step is run for these languages.
  gha_python:
    name: 'GHA and Python'
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # To create/update security events
    steps:
      # Every action is pinned to a full commit SHA; the trailing comment
      # records the release tag the SHA corresponds to.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the checkout token out of the local git config so that later
          # steps cannot reuse it.
          persist-credentials: false

      - name: 'initialize'
        uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
        with:
          languages: actions, python
          queries: security-extended

      - name: 'perform analysis'
        uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7

  # Analyzes the C sources on Linux and Windows. build-mode is manual, so the
  # 'build' step between 'initialize' and 'perform analysis' determines which
  # code is compiled for the analysis.
  c:
    name: 'C'
    # ubuntu-latest for the Linux matrix entry, windows-2022 for the other one.
    runs-on: ${{ matrix.platform == 'Linux' && 'ubuntu-latest' || 'windows-2022' }}
    permissions:
      security-events: write  # To create/update security events
    strategy:
      # Let the other platform finish when one of them fails.
      fail-fast: false
      matrix:
        platform: [Linux, Windows]
    env:
      # The matrix value reaches the shell through the environment rather
      # than being expanded into the script text of a `run:` step.
      MATRIX_PLATFORM: '${{ matrix.platform }}'
    steps:
      # Linux only: build dependencies from apt and Homebrew.
      # NOTE(review): unlike the actions, these packages are not pinned to a
      # version, so the analyzed build uses whatever the package sources
      # provide at run time.
      - name: 'install prereqs'
        if: ${{ matrix.platform == 'Linux' }}
        timeout-minutes: 5
        run: |
          sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
          sudo apt-get -o Dpkg::Use-Pty=0 update
          sudo rm -f /var/lib/man-db/auto-update
          sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libbrotli-dev libidn2-dev libssh2-1-dev libssh-dev \
            libnghttp2-dev libldap-dev libkrb5-dev librtmp-dev libgnutls28-dev libwolfssl-dev
          HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install c-ares gsasl libnghttp3 libngtcp2 mbedtls rustls-ffi

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the checkout token out of the local git config so that later
          # steps cannot reuse it.
          persist-credentials: false

      - name: 'initialize'
        uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
        with:
          languages: cpp
          build-mode: manual
          trap-caching: false

      # Windows: one Schannel build in the source tree.
      # Linux: two out-of-tree builds, _bld1 (MultiSSL) and _bld2 (HTTP/3),
      # including the extra targets listed in the script.
      # Each built curl is finally run with `--disable --version`.
      - name: 'build'
        timeout-minutes: 10
        shell: bash
        run: |
          if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then
            cmake -B . -DBUILD_SHARED_LIBS=OFF \
              -DCMAKE_VS_GLOBALS=TrackFileAccess=false \
              -DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF -DUSE_WIN32_IDN=ON
            cmake --build . --verbose
            src/Debug/curl.exe --disable --version
          else
            eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

            # MultiSSL
            export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
            cmake -B _bld1 -G Ninja -DENABLE_DEBUG=ON \
              -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \
              -DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON \
              -DCURL_DISABLE_VERBOSE_STRINGS=ON
            cmake --build _bld1
            cmake --build _bld1 --target curlinfo
            cmake --build _bld1 --target servers
            cmake --build _bld1 --target tunits
            cmake --build _bld1 --target units
            cmake --build _bld1 --target curl-examples-build

            # HTTP/3
            export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
            cmake -B _bld2 -G Ninja \
              -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \
              -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \
              -DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
            cmake --build _bld2
            cmake --build _bld2 --target servers

            _bld1/src/curl --disable --version
            _bld2/src/curl --disable --version
          fi

      - name: 'perform analysis'
        uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7