# Copyright (C) Daniel Stenberg, , et al.
#
# SPDX-License-Identifier: curl

# CodeQL static analysis. Two jobs: one scans the workflow files and the
# Python sources, the other builds curl on Linux and Windows so that the
# C sources can be analysed.
name: 'CodeQL'

# The key is quoted so that YAML 1.1 parsers do not read `on` as a boolean.
'on':
  # Pushes to master and to branches matching '*/ci'.
  push:
    branches:
      - master
      - '*/ci'
    # A push that touches only these paths does not start the workflow.
    paths-ignore:
      - '**/*.md'
      - '.circleci/**'
      - 'appveyor.*'
      - 'projects/**'
      - 'tests/data/**'
  # Pull requests targeting master, with the same ignored paths as for push.
  pull_request:
    branches:
      - master
    paths-ignore:
      - '**/*.md'
      - '.circleci/**'
      - 'appveyor.*'
      - 'projects/**'
      - 'tests/data/**'
  # Weekly run: 00:00 UTC every Thursday.
  schedule:
    - cron: '0 0 * * 4'

# One group per workflow and pull request (or per commit SHA for events
# that carry no PR number); a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

# No GITHUB_TOKEN scopes at workflow level. Each job below grants only
# what it needs, so a newly added job starts with no token permissions.
permissions: {}

jobs:
  gha_python:
    # Scheduled runs execute only when the repository owner is 'curl';
    # push and pull_request events are not restricted by this condition.
    if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }}
    name: 'GHA and Python'
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # To create/update security events
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment names
      # the release it corresponds to. Update both together.
      # persist-credentials: false keeps the token out of the checked-out
      # repository's git configuration, out of reach of later steps.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      # Scans GitHub Actions workflows and Python code with the
      # security-extended query suite.
      - name: 'initialize'
        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
        with:
          languages: actions, python
          queries: security-extended

      - name: 'perform analysis'
        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9

  c:
    # Same guard as gha_python: scheduled runs only under the 'curl' owner.
    if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }}
    name: 'C'
    # Linux maps to ubuntu-latest, every other matrix value to windows-2022.
    runs-on: ${{ matrix.platform == 'Linux' && 'ubuntu-latest' || 'windows-2022' }}
    permissions:
      security-events: write  # To create/update security events
    strategy:
      # A failure on one platform does not cancel the other.
      fail-fast: false
      matrix:
        platform: [Linux, Windows]
    env:
      # The matrix value reaches the build script as an environment variable,
      # so no ${{ }} expression is expanded inside the script text itself.
      MATRIX_PLATFORM: '${{ matrix.platform }}'
    steps:
      # Linux only. Deletes three third-party apt source lists before
      # `apt-get update` (presumably to avoid slow or failing mirrors; the
      # reason is not stated here), then installs build dependencies from
      # the distribution archive and from Homebrew.
      # NOTE(review): no package versions are specified, so each run builds
      # against whatever the runner image and both repositories provide at
      # that moment; this step also runs before the checkout below.
      - name: 'install prereqs'
        if: ${{ matrix.platform == 'Linux' }}
        timeout-minutes: 5
        run: |
          sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources}
          sudo apt-get -o Dpkg::Use-Pty=0 update
          sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libbrotli-dev libidn2-dev libssh2-1-dev libssh-dev \
            libnghttp2-dev libldap-dev libkrb5-dev librtmp-dev libgnutls28-dev libwolfssl-dev
          HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install c-ares gsasl libnghttp3 libngtcp2 mbedtls rustls-ffi

      # Pinned to the same commit as in gha_python, again without leaving
      # the token in the repository's git configuration.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      # build-mode: manual means CodeQL analyses what the explicit 'build'
      # step below compiles. trap-caching is switched off.
      # NOTE(review): unlike gha_python, no `queries:` is set here, so the
      # default suite applies rather than security-extended. Confirm that
      # this is intended.
      - name: 'initialize'
        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
        with:
          languages: cpp
          build-mode: manual
          trap-caching: false

      # shell: bash is set explicitly because the same script also runs on
      # the Windows runner, whose default shell is not bash.
      # Windows: one static CMake build with Schannel, libpsl off and
      # Win32 IDN on.
      # Linux: two Ninja builds. _bld1 enables GnuTLS, mbedTLS, Rustls and
      # wolfSSL together; _bld2 uses OpenSSL with ngtcp2 and libssh instead
      # of libssh2. Both also build the testdeps and curl-examples-build
      # targets.
      # Every branch ends by running the freshly built curl with
      # `--disable --version`.
      - name: 'build'
        timeout-minutes: 10
        shell: bash
        run: |
          if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then
            cmake -B . -DBUILD_SHARED_LIBS=OFF \
              -DCMAKE_VS_GLOBALS=TrackFileAccess=false \
              -DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF -DUSE_WIN32_IDN=ON
            cmake --build . --verbose
            src/Debug/curl.exe --disable --version
          else
            eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
            # MultiSSL
            export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
            cmake -B _bld1 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DENABLE_DEBUG=ON \
              -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \
              -DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON \
              -DCURL_DISABLE_VERBOSE_STRINGS=ON
            cmake --build _bld1
            cmake --build _bld1 --target testdeps
            cmake --build _bld1 --target curl-examples-build
            # HTTP/3
            export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
            cmake -B _bld2 -G Ninja -DCURL_DISABLE_TYPECHECK=ON \
              -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \
              -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \
              -DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
            cmake --build _bld2
            cmake --build _bld2 --target testdeps
            cmake --build _bld2 --target curl-examples-build
            _bld1/src/curl --disable --version
            _bld2/src/curl --disable --version
          fi

      - name: 'perform analysis'
        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9