name: "CodeQL (Rust/C)" on: push: branches: [ main ] paths-ignore: - "doc/**" - "etc/schema.json" pull_request: # The branches below must be a subset of the branches above branches: [ main ] paths-ignore: - "doc/**" - "etc/schema.json" schedule: - cron: '18 21 * * 1' permissions: read-all concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: analyze: name: Analyze runs-on: ubuntu-latest continue-on-error: true permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: [ 'cpp', 'rust' ] steps: - name: Checkout repository uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v4.36.2 with: languages: ${{ matrix.language }} queries: security-extended - run: | sudo apt-get update sudo apt-get install libyaml-dev sudo apt-get install libssl-dev sudo apt-get install libpcre2-dev sudo apt-get install libjansson-dev sudo apt-get install libpcap-dev sudo apt-get install libnuma-dev cargo install cbindgen export PATH=/opt/work/.cargo/bin:$PATH chmod +x autogen.sh ./autogen.sh ./configure --enable-warnings --enable-unittests make - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4.36.2