mirror of
https://github.com/github/codeql.git
synced 2026-01-17 00:14:51 +01:00
b58c856756
Repositories can be configured with Default access (restricted) https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token Best practice says that workflows should declare the minimal permissions they require. Without declaring permissions, paranoid forks fail miserably.
124 lines
3.7 KiB
YAML
124 lines
3.7 KiB
YAML
name: "Swift"
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- "swift/**"
|
|
- "misc/bazel/**"
|
|
- "misc/codegen/**"
|
|
- "*.bazel*"
|
|
- .github/workflows/swift.yml
|
|
- .github/actions/**
|
|
- codeql-workspace.yml
|
|
- .pre-commit-config.yaml
|
|
- "!**/*.md"
|
|
- "!**/*.qhelp"
|
|
branches:
|
|
- main
|
|
- rc/*
|
|
- codeql-cli-*
|
|
push:
|
|
paths:
|
|
- "swift/**"
|
|
- "misc/bazel/**"
|
|
- "misc/codegen/**"
|
|
- "*.bazel*"
|
|
- .github/workflows/swift.yml
|
|
- .github/actions/**
|
|
- codeql-workspace.yml
|
|
- "!**/*.md"
|
|
- "!**/*.qhelp"
|
|
branches:
|
|
- main
|
|
- rc/*
|
|
- codeql-cli-*
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
# not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
|
|
# without waiting for the macOS build
|
|
build-and-test-macos:
|
|
if: github.repository_owner == 'github'
|
|
runs-on: macos-12-xl
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./swift/actions/build-and-test
|
|
build-and-test-linux:
|
|
if: github.repository_owner == 'github'
|
|
runs-on: ubuntu-latest-xl
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./swift/actions/build-and-test
|
|
qltests-linux:
|
|
if: github.repository_owner == 'github'
|
|
needs: build-and-test-linux
|
|
runs-on: ubuntu-latest-xl
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./swift/actions/run-ql-tests
|
|
qltests-macos:
|
|
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
|
|
needs: build-and-test-macos
|
|
runs-on: macos-12-xl
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./swift/actions/run-ql-tests
|
|
integration-tests-linux:
|
|
if: github.repository_owner == 'github'
|
|
needs: build-and-test-linux
|
|
runs-on: ubuntu-latest-xl
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./swift/actions/run-integration-tests
|
|
integration-tests-macos:
|
|
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
|
|
needs: build-and-test-macos
|
|
runs-on: macos-12-xl
|
|
timeout-minutes: 60
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./swift/actions/run-integration-tests
|
|
clang-format:
|
|
if : ${{ github.event_name == 'pull_request' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
|
|
name: Check that python code is properly formatted
|
|
with:
|
|
extra_args: clang-format --all-files
|
|
codegen:
|
|
if : ${{ github.event_name == 'pull_request' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: bazelbuild/setup-bazelisk@v2
|
|
- uses: actions/setup-python@v4
|
|
with:
|
|
python-version-file: 'swift/.python-version'
|
|
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
|
|
name: Check that python code is properly formatted
|
|
with:
|
|
extra_args: autopep8 --all-files
|
|
- uses: ./.github/actions/fetch-codeql
|
|
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
|
|
name: Check that QL generated code was checked in
|
|
with:
|
|
extra_args: swift-codegen --all-files
|
|
- name: Generate C++ files
|
|
run: |
|
|
bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: swift-generated-cpp-files
|
|
path: generated-cpp-files/**
|
|
database-upgrade-scripts:
|
|
if : ${{ github.event_name == 'pull_request' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./.github/actions/fetch-codeql
|
|
- uses: ./swift/actions/database-upgrade-scripts
|