From 87af3b162650f15fd329729a801f7fbc041abec1 Mon Sep 17 00:00:00 2001
From: F1248
Date: Tue, 4 Feb 2025 23:29:21 +0100
Subject: [PATCH] Add CodeQL
---
 .github/workflows/Build-Genius.yml | 50 +++++++++++++++++++
 .../Run-CodeQL-GitHub-Actions-Workflows.yml | 34 +++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 .github/workflows/Run-CodeQL-GitHub-Actions-Workflows.yml
diff --git a/.github/workflows/Build-Genius.yml b/.github/workflows/Build-Genius.yml
index 19216c5..dafc43d 100644
--- a/.github/workflows/Build-Genius.yml
+++ b/.github/workflows/Build-Genius.yml
@@ -34,6 +34,56 @@ env:
 NSUnbufferedIO: YES
 
 jobs:
+ Run-CodeQL:
+ name: Run CodeQL
+ runs-on: macos-15
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Select Xcode Version
+ uses: maxim-lobanov/setup-xcode@master
+ with:
+ xcode-version: latest
+
+ - name: Checkout
+ uses: actions/checkout@main
+
+ - name: Install xcbeautify
+ run: |
+ latest_xcbeautify_tag=$(gh release --repo cpisciotta/xcbeautify list --json tagName --limit 1 | cut -d "\"" -f 4)
+ curl --location https://github.com/cpisciotta/xcbeautify/releases/download/"$latest_xcbeautify_tag"/xcbeautify-"$latest_xcbeautify_tag"-arm64-apple-macosx.zip --output xcbeautify.zip
+ unzip xcbeautify.zip
+ echo "xcbeautify $(./xcbeautify --version) installed"
+
+ - name: Work around https://github.com/github/codeql-action/issues/2506
+ run: |
+ xcode_developer_directory=$(xcode-select --print-path)
+ ln "$xcode_developer_directory"/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift/host/*.dylib "$xcode_developer_directory"/Toolchains/XcodeDefault.xctoolchain/usr/lib
+ sudo mkdir /usr/local/lib
+ sudo ln "$xcode_developer_directory"/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift/host/*.dylib /usr/local/lib
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@main
+ with:
+ languages: swift
+
+ - name: Build Genius
+ run: |
+ set -o pipefail
+ xcodebuild build -scheme Genius -destination generic/platform=macOS -skipPackagePluginValidation | ./xcbeautify --disable-logging --renderer github-actions
+
+ - name: Run Tests
+ run: |
+ set -o pipefail
+ # Work around https://github.com/github/codeql-cli-binaries/issues/97 by testing with `arch=x86_64`
+ defaults write "$PWD"/Genius/Info.plist LSRequiresNativeExecution -boolean false
+ xcodebuild test -scheme Genius -destination platform=macOS,arch=x86_64 -skipPackagePluginValidation | ./xcbeautify --disable-logging --renderer github-actions
+
+ - name: Run CodeQL
+ uses: github/codeql-action/analyze@main
+
 Run-Periphery:
 name: Run Periphery
 runs-on: macos-15
diff --git a/.github/workflows/Run-CodeQL-GitHub-Actions-Workflows.yml b/.github/workflows/Run-CodeQL-GitHub-Actions-Workflows.yml
new file mode 100644
index 0000000..be3b7f3
--- /dev/null
+++ b/.github/workflows/Run-CodeQL-GitHub-Actions-Workflows.yml
@@ -0,0 +1,34 @@
+name: Run CodeQL on GitHub Actions Workflows
+
+on:
+ push:
+ paths:
+ - .github/workflows/**
+ pull_request:
+ paths:
+ - .github/workflows/**
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ Run-CodeQL-GitHub-Actions-Workflows:
+ name: Run CodeQL on GitHub Actions Workflows
+ runs-on: macos-15
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@main
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@main
+ with:
+ languages: actions
+
+ - name: Run CodeQL
+ uses: github/codeql-action/analyze@main
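Review bot: Every `uses:` in the new Run-CodeQL job points at a mutable branch (`maxim-lobanov/setup-xcode@master`, `actions/checkout@main`, `github/codeql-action/init@main`, `github/codeql-action/analyze@main`), so anyone who can push to those branches decides what runs in a job holding `security-events: write`; the same applies to the three `@main` references in the new Run-CodeQL-GitHub-Actions-Workflows.yml file, and the fix in both places is to pin each action to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<commit-sha> # <tag>`, and let Dependabot move the SHA. The Install xcbeautify step fetches a release archive with `curl --location` and executes its contents with no integrity check, and because `--fail` is absent a non-2xx response body is saved as xcbeautify.zip and only fails later inside `unzip` with a misleading error; at minimum use `curl --fail --location ... --output xcbeautify.zip` and compare the archive against a checksum recorded in the workflow before running `./xcbeautify`. The tag is extracted with `cut -d "\"" -f 4`, which depends on the exact JSON layout `gh` emits; `gh release list --repo cpisciotta/xcbeautify --json tagName --limit 1 --jq '.[0].tagName'` does the same job robustly. `gh release list` also needs a token in GH_TOKEN, which presumably comes from the workflow-level `env:` mapping that starts above this hunk — worth confirming, since the job's explicit `permissions:` block sets every scope it does not name to none. The enclosing `jobs:` mapping begins before this hunk and continues past it with Run-Periphery.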
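Review bot: The new workflow only parses YAML (`languages: actions`) yet runs on `runs-on: macos-15`, the most expensive and most queue-constrained runner class; none of its three steps needs an Apple toolchain, so as far as I can tell `runs-on: ubuntu-latest` gives the same result at a fraction of the cost and wait time. The `permissions:` block lists only `security-events: write`, which sets `contents: read` to none; checkout of a public repository should still succeed, but CodeQL's documented permissions template also lists `contents: read` (and `actions: read` for private repositories), so declaring them now keeps the job working if repository visibility or runner policy changes. A short comment above `on:` stating why the workflow is scoped to `.github/workflows/**` for both `push` and `pull_request`, e.g. `# Scans workflow definitions only; the Swift CodeQL pass lives in Build-Genius.yml`, would help the next reader place the two CodeQL jobs.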