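# Source: vitess.io/vitess@v0.16.2/.github/workflows/codeql_analysis.yml
#
# Runs CodeQL static analysis over the Go, JavaScript and Python code in the
# repository. Triggers: pushes to main and release-**.0 branches, a weekly
# schedule (Mondays 00:00; GitHub evaluates cron in UTC), and manual dispatch.
# Go is a compiled language for CodeQL, so the job installs the build
# dependencies and runs `make build` between the init and analyze steps.
name: "CodeQL"

on:
  push:
    branches:
      - main
      - release-**.0
  schedule:
    - cron: '0 0 * * 1'
  workflow_dispatch:

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-22.04
    # Least-privilege token: read-only except for uploading code-scanning
    # results (security-events: write).
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      # One language failing must not cancel the analysis of the others.
      fail-fast: false
      matrix:
        language: ['go', 'javascript', 'python']

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Do not leave the workflow token in .git/config: later steps build
          # and run code fetched from the network, and nothing here pushes.
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.

          # For details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          # Quoted so the version is always read as a string.
          go-version: '1.20.3'

      - name: Get base dependencies
        run: |
          sudo DEBIAN_FRONTEND="noninteractive" apt-get update
          # Uninstall any previously installed MySQL first
          sudo systemctl stop apparmor
          sudo DEBIAN_FRONTEND="noninteractive" apt-get remove -y --purge mysql-server mysql-client mysql-common
          sudo apt-get -y autoremove
          sudo apt-get -y autoclean
          sudo deluser mysql
          sudo rm -rf /var/lib/mysql
          sudo rm -rf /etc/mysql
          # Install mysql80
          # NOTE(review): apt-key is deprecated and the key is fetched from a
          # keyserver by key ID only; prefer a vendored key file referenced
          # with signed-by, checked against the full fingerprint.
          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29
          # NOTE(review): this package is installed as root without an
          # integrity check; consider verifying a pinned SHA-256 before dpkg.
          wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.24-1_all.deb
          echo mysql-apt-config mysql-apt-config/select-server select mysql-8.0 | sudo debconf-set-selections
          # Install exactly the file downloaded above rather than whatever
          # matches a glob in the workspace.
          sudo DEBIAN_FRONTEND="noninteractive" dpkg -i mysql-apt-config_0.8.24-1_all.deb
          sudo apt-get update
          sudo DEBIAN_FRONTEND="noninteractive" apt-get install -y mysql-server mysql-client
          # Install everything else we need, and configure
          sudo apt-get install -y make unzip g++ etcd curl git wget eatmydata
          sudo service mysql stop
          sudo service etcd stop
          sudo bash -c "echo '/usr/sbin/mysqld { }' > /etc/apparmor.d/usr.sbin.mysqld" # https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1806263
          sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
          sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld || echo "could not remove mysqld profile"

          # install JUnit report formatter
          # NOTE(review): @HEAD is a moving target; pin a reviewed commit or
          # tag so the code executed on the runner is reproducible.
          go install github.com/vitessio/go-junit-report@HEAD

          # NOTE(review): "latest" package downloaded and installed as root
          # without an integrity check; same concern as the MySQL .deb above.
          wget https://repo.percona.com/apt/percona-release_latest.$(lsb_release -sc)_all.deb
          sudo apt-get install -y gnupg2
          sudo dpkg -i percona-release_latest.$(lsb_release -sc)_all.deb
          sudo apt-get update
          # -y added: without it apt-get aborts on a non-interactive runner
          # as soon as it needs confirmation (e.g. extra dependencies).
          sudo apt-get install -y percona-xtrabackup-24

      - name: Building binaries
        timeout-minutes: 30
        run: |
          source build.env
          make build

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

      # Runs only when an earlier step failed.
      # NOTE(review): @master is a mutable ref on a third-party action that is
      # handed GITHUB_TOKEN and the Slack webhook secret; pin it to a reviewed
      # full commit SHA so an upstream change cannot read those secrets.
      - name: Slack Workflow Notification
        if: ${{ failure() }}
        uses: Gamesight/slack-workflow-status@master
        with:
          repo_token: ${{secrets.GITHUB_TOKEN}}
          slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}}
          channel: '#codeql'
          name: 'CodeQL Workflows'

      # Runs only when an earlier step failed; exits non-zero.
      - name: Fail if needed
        if: ${{ failure() }}
        run: |
          exit 1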