Upload folder using huggingface_hub

a5ffdcd verified about 1 month ago

4.65 kB

	name: "CodeQL"

	on:
	push:
	branches: [ 'master' ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ 'master' ]
	schedule:
	- cron: '59 14 * * 2'

	jobs:
	analyze:
	name: Analyze

	runs-on: ubuntu-latest

	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'cpp' ]
	# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
	# Use only 'java' to analyze code written in Java, Kotlin or both
	# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
	# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

	steps:
	- name: Checkout code
	uses: actions/checkout@main
	with:
	fetch-depth: 0

	- name: Install Qt6
	uses: jurplel/install-qt-action@v4
	with:
	aqtversion: '==3.1.*'
	version: '6.9.*'
	host: 'linux'
	target: 'desktop'
	arch: 'linux_gcc_64'
	modules: 'qtwaylandcompositor'

	- name: Install Qt and dependencies
	run: \|
	sudo apt-get -y update
	# ubuntu jammy(22.04) libqt6core5compat6-dev
	# ubuntu nobel(24.04) qt6-5compat-dev
	sudo apt-get -qq install qtchooser libqt6core5compat6-dev libgl-dev libmuparser-dev libboost-dev librsvg2-bin libfreetype6-dev libicu-dev pkg-config libfuse2
	sudo ln -snf /usr/lib/x86_64-linux-gnu/qtchooser/qt5.conf /usr/lib/x86_64-linux-gnu/qtchooser/default.conf
	sudo rm -rf /usr/local/lib/android

	- name: Install Clang
	run: \|
	sudo apt-get -qq install clang-15 clang-tools-15

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}
	# If you wish to specify custom queries, you can do so here or in a config file.
	# By default, queries listed here will override any specified in a config file.
	# Prefix the list here with "+" to use these queries and those in the config file.

	# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
	# queries: security-extended,security-and-quality


	- name: Build
	run: \|
	export CC=g++
	qmake6 -r librecad.pro CONFIG+=debug_and_release PREFIX=/usr
	make release -j$(nproc)

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:${{matrix.language}}"


	ClangScan:
	name: Security scan
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@main
	with:
	fetch-depth: 0

	- name: Install Qt6
	uses: jurplel/install-qt-action@v4
	with:
	aqtversion: '==3.1.*'
	version: '6.9.0'
	host: 'linux'
	target: 'desktop'
	arch: 'linux_gcc_64'
	modules: 'qtwaylandcompositor'

	- name: Install dependencies
	run: \|
	sudo apt-get -y update
	sudo apt-get -qq install \
	libgl-dev libmuparser-dev libboost-dev librsvg2-bin libfreetype6-dev libicu-dev pkg-config libfuse2
	sudo rm -rf /usr/local/lib/android

	- name: Install Clang
	run: \|
	sudo apt-get -qq install clang-15 clang-tools-15

	- name: Build and analyze
	run: \|
	export CC=g++
	export ANALYZE="scan-build-15 -o out --use-cc=g++ --use-analyzer=/usr/bin/clang++ "
	${ANALYZE}qmake6 -r librecad.pro CONFIG+=debug_and_release PREFIX=/usr
	${ANALYZE}make release -j$(nproc)

	- name: Create report repository
	run: \|
	cd out
	find . -mindepth 2 -type f -print -exec mv {} . \;
	git config --global user.email "github@librecad.org"
	git config --global user.name "GHA CI [bot]"
	git config --global init.defaultBranch gh-pages
	git init
	git add .
	git commit -m "latest analyzer report"

	- name: Push changes
	if: github.repository_owner == 'LibreCAD'
	uses: ad-m/github-push-action@master
	with:
	repository: ${{github.repository_owner}}/static-analyzer-reports
	github_token: ${{secrets.LC_PUSH_ANALYZER_REPORT}}
	branch: gh-pages
	force: true
	directory: out