forked from vitessio/vitess
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Addition of CodeQL workflow (vitessio#11207)
Signed-off-by: Florent Poinsard <[email protected]> Signed-off-by: Florent Poinsard <[email protected]>
- Loading branch information
Showing
1 changed file
with
88 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- release-**.0 | ||
schedule: | ||
- cron: '0 0 * * 1' | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [ 'go', 'javascript', 'python' ] | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify cu stom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
|
||
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
# queries: security-extended,security-and-quality | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.18.5 | ||
|
||
- name: Get base dependencies | ||
run: | | ||
sudo DEBIAN_FRONTEND="noninteractive" apt-get update | ||
# Uninstall any previously installed MySQL first | ||
sudo systemctl stop apparmor | ||
sudo DEBIAN_FRONTEND="noninteractive" apt-get remove -y --purge mysql-server mysql-client mysql-common | ||
sudo apt-get -y autoremove | ||
sudo apt-get -y autoclean | ||
sudo deluser mysql | ||
sudo rm -rf /var/lib/mysql | ||
sudo rm -rf /etc/mysql | ||
# Install mysql80 | ||
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29 | ||
wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.20-1_all.deb | ||
echo mysql-apt-config mysql-apt-config/select-server select mysql-8.0 | sudo debconf-set-selections | ||
sudo DEBIAN_FRONTEND="noninteractive" dpkg -i mysql-apt-config* | ||
sudo apt-get update | ||
sudo DEBIAN_FRONTEND="noninteractive" apt-get install -y mysql-server mysql-client | ||
# Install everything else we need, and configure | ||
sudo apt-get install -y make unzip g++ etcd curl git wget eatmydata | ||
sudo service mysql stop | ||
sudo service etcd stop | ||
sudo bash -c "echo '/usr/sbin/mysqld { }' > /etc/apparmor.d/usr.sbin.mysqld" # https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1806263 | ||
sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/ | ||
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld || echo "could not remove mysqld profile" | ||
# install JUnit report formatter | ||
go install github.com/vitessio/go-junit-report@HEAD | ||
wget https://repo.percona.com/apt/percona-release_latest.$(lsb_release -sc)_all.deb | ||
sudo apt-get install -y gnupg2 | ||
sudo dpkg -i percona-release_latest.$(lsb_release -sc)_all.deb | ||
sudo apt-get update | ||
sudo apt-get install percona-xtrabackup-24 | ||
- name: Building last release's binaries | ||
timeout-minutes: 10 | ||
run: | | ||
source build.env | ||
make build | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 |