feat: migrate away from Arduino #198
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'CodeQL' | |
| on: | |
| push: | |
| branches: ['master', 'develop'] | |
| pull_request: | |
| branches: ['master', 'develop'] | |
| schedule: | |
| - cron: '0 6 * * 1' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| env: | |
| OPENSHOCK_API_DOMAIN: api.openshock.app | |
| OPENSHOCK_FW_GIT_REF: ${{ github.ref }} | |
| OPENSHOCK_FW_GIT_COMMIT: ${{ github.sha }} | |
| OPENSHOCK_FW_BUILD_DATE: ${{ github.event.head_commit.timestamp }} | |
| jobs: | |
| # CodeQL only needs to compile the code for analysis; the exact version string | |
| # baked into the artifact is irrelevant here, so we use a placeholder instead | |
| # of running the heavyweight get-vars job (checkout depth 0 + pnpm + release- | |
| # tool) just to stamp it. | |
| analyze-js-py: | |
| name: Analyze JS/PY | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 10 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| env: | |
| OPENSHOCK_FW_VERSION: 0.0.0-codeql+build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: ['javascript-typescript', 'python'] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| submodules: recursive | |
| # Initializes the CodeQL tools for scanning. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@c35d1b164463ee62a100735382aaaa525c5d3496 # codeql-bundle-v2.25.6 | |
| with: | |
| languages: ${{ matrix.language }} | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@c35d1b164463ee62a100735382aaaa525c5d3496 # codeql-bundle-v2.25.6 | |
| # Build stuff here | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@c35d1b164463ee62a100735382aaaa525c5d3496 # codeql-bundle-v2.25.6 | |
| with: | |
| category: '/language:${{matrix.language}}' | |
| analyze-cpp: | |
| name: Analyze C/C++ | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 15 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| env: | |
| language: 'c-cpp' | |
| OPENSHOCK_FW_VERSION: 0.0.0-codeql+build | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| # flatbuffers runtime lives in a submodule (components/flatbuffers). | |
| submodules: recursive | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@c35d1b164463ee62a100735382aaaa525c5d3496 # codeql-bundle-v2.25.6 | |
| with: | |
| languages: ${{ env.language }} | |
| - uses: ./.github/actions/build-compilationdb | |
| with: | |
| version: 0.0.0-codeql+build | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@c35d1b164463ee62a100735382aaaa525c5d3496 # codeql-bundle-v2.25.6 | |
| with: | |
| category: '/language:${{ env.language }}' |