name: "CodeQL" on: schedule: - cron: '33 14 * * 4' workflow_dispatch: permissions: contents: read jobs: init: if: github.repository == 'emqx/emqx' runs-on: ubuntu-22.04 outputs: BUILDER_master: ${{ steps.env.outputs.BUILDER_master }} BUILDER_release-58: ${{ steps.env.outputs.BUILDER_release-58 }} strategy: fail-fast: false matrix: branch: - master - release-58 steps: - name: Checkout repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ matrix.branch }} - name: Read env.sh id: env run: | source env.sh echo "BUILDER_${{ matrix.branch }}=$EMQX_BUILDER" >> "$GITHUB_OUTPUT" analyze: if: github.repository == 'emqx/emqx' runs-on: ubuntu-22.04 timeout-minutes: 360 permissions: actions: read security-events: write needs: init container: ${{ needs.init.outputs[format('BUILDER_{0}', matrix.branch)] }} strategy: fail-fast: false matrix: branch: - master - release-58 language: - cpp - python steps: - name: Checkout repository uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ matrix.branch }} - name: Ensure git safe dir run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" make ensure-rebar3 - name: Initialize CodeQL uses: github/codeql-action/init@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5 with: languages: ${{ matrix.language }} - name: Build if: matrix.language == 'cpp' env: PROFILE: emqx-enterprise run: | make emqx-enterprise-compile - name: Fetch deps if: matrix.language == 'python' env: PROFILE: emqx-enterprise run: | make deps-emqx-enterprise - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5 with: category: "/language:${{matrix.language}}"