ci(codeql): use no build mode (#3943)

2025-06-07 17:19:04 -04:00 · 2025-06-07 17:19:04 -04:00 · a80ec75465
commit a80ec75465
parent 1938385bf0
4 changed files with 36 additions and 151 deletions
--- a/.codeql-prebuild-cpp-Linux.sh
+++ b/.codeql-prebuild-cpp-Linux.sh
@ -1,11 +0,0 @@
 # install dependencies for C++ analysis
 set -e
 chmod +x ./scripts/linux_build.sh
 ./scripts/linux_build.sh --skip-package --ubuntu-test-repo
 # Delete CUDA
 rm -rf ./build/cuda
 # skip autobuild
 echo "skip_autobuild=true" >> "$GITHUB_OUTPUT"
--- a/.codeql-prebuild-cpp-Windows.sh
+++ b/.codeql-prebuild-cpp-Windows.sh
@ -1,59 +0,0 @@
 # install dependencies for C++ analysis
 set -e
 # update pacman
 pacman --noconfirm -Syu
 gcc_version="14.2.0-3"
 broken_deps=(
  "mingw-w64-ucrt-x86_64-gcc"
  "mingw-w64-ucrt-x86_64-gcc-libs"
 )
 tarballs=""
 for dep in "${broken_deps[@]}"; do
  tarball="${dep}-${gcc_version}-any.pkg.tar.zst"
  # download and install working version
  wget https://repo.msys2.org/mingw/ucrt64/${tarball}
  tarballs="${tarballs} ${tarball}"
 done
 # install broken dependencies
 if [ -n "$tarballs" ]; then
  pacman -U --noconfirm ${tarballs}
 fi
 # install dependencies
 dependencies=(
  "git"
  "mingw-w64-ucrt-x86_64-cmake"
  "mingw-w64-ucrt-x86_64-cppwinrt"
  "mingw-w64-ucrt-x86_64-curl-winssl"
  "mingw-w64-ucrt-x86_64-MinHook"
  "mingw-w64-ucrt-x86_64-miniupnpc"
  "mingw-w64-ucrt-x86_64-nlohmann-json"
  "mingw-w64-ucrt-x86_64-nodejs"
  "mingw-w64-ucrt-x86_64-nsis"
  "mingw-w64-ucrt-x86_64-onevpl"
  "mingw-w64-ucrt-x86_64-openssl"
  "mingw-w64-ucrt-x86_64-opus"
  "mingw-w64-ucrt-x86_64-toolchain"
 )
 pacman -Syu --noconfirm --ignore="$(IFS=,; echo "${broken_deps[*]}")" "${dependencies[@]}"
 # build
 mkdir -p build
 cmake \
  -B build \
  -G Ninja \
  -S . \
  -DBUILD_DOCS=OFF \
  -DBUILD_WERROR=ON
 ninja -C build
 # skip autobuild
 echo "skip_autobuild=true" >> "$GITHUB_OUTPUT"
--- a/.codeql-prebuild-cpp-macOS.sh
+++ b/.codeql-prebuild-cpp-macOS.sh
@ -1,32 +0,0 @@
 # install dependencies for C++ analysis
 set -e
 # setup homebrew for x86_64
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
 eval "$(/usr/local/bin/brew shellenv)"
 # install dependencies
 dependencies=(
  "cmake"
  "miniupnpc"
  "ninja"
  "node"
  "openssl@3"
  "opus"
  "pkg-config"
 )
 brew install "${dependencies[@]}"
 # build
 mkdir -p build
 cmake \
  -B build \
  -G Ninja \
  -S . \
  -DBOOST_USE_STATIC=OFF \
  -DBUILD_DOCS=OFF \
  -DBUILD_WERROR=ON
 ninja -C build
 # skip autobuild
 echo "skip_autobuild=true" >> "$GITHUB_OUTPUT"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -39,13 +39,23 @@ jobs:
        uses: actions/github-script@v7
        with:
          script: |
-            // CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
+            // CodeQL supports the following:
-            // Use only 'java' to analyze code written in Java, Kotlin or both
+            // ['actions', 'c', 'cpp', 'csharp', 'go', 'java', 'javascript', 'kotlin', 'python', 'ruby', 'swift']
-            // Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+
            // Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-            const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
+            const supported_languages = [
              'cpp',
              'csharp',
              'go',
              'java',
              'javascript',
              'python',
              'ruby',
              'swift',
            ]
            const remap_languages = {
              'c': 'cpp',
              'c++': 'cpp',
              'c#': 'csharp',
              'kotlin': 'java',
@ -73,7 +83,8 @@ jobs:
                "category": "/language:actions",
                "language": "actions",
                "name": "actions",
-                "os": "ubuntu-latest"
+                "os": "ubuntu-latest",
                "build-mode": "none",
              });
            }
@ -94,8 +105,6 @@ jobs:
                let osList = ['ubuntu-latest'];
                if (normalizedKey === 'swift') {
                  osList = ['macos-latest'];
                } else if (normalizedKey === 'cpp') {
                  osList = ['macos-latest', 'ubuntu-latest', 'windows-latest'];
                }
                for (let os of osList) {
                  // set name for matrix
@ -103,8 +112,21 @@ jobs:
                  // set category for matrix
                  let category = `/language:${normalizedKey}`
-                  if (normalizedKey === 'cpp') {
+                  let build_mode = 'none';
-                    category = `/language:cpp-${os.split('-')[0]}`
+
                  // Set build mode based on language
                  switch (normalizedKey) {
                    case 'csharp':
                      build_mode = 'autobuild'
                      break
                    case 'go':
                      build_mode = 'autobuild'
                      break
                    case 'java':
                      build_mode = 'autobuild'
                      break
                    default:
                      build_mode = 'none'
                  }
                  // add to matrix
@ -112,7 +134,8 @@ jobs:
                    "category": category,
                    "language": normalizedKey,
                    "name": name,
-                    "os": os
+                    "os": os,
                    "build-mode": build_mode,
                  })
                }
              }
@ -140,9 +163,6 @@ jobs:
  analyze:
    name: Analyze (${{ matrix.name }})
    if: needs.languages.outputs.continue == 'true'
    defaults:
      run:
        shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }}
    env:
      GITHUB_CODEQL_BUILD: true
    needs: languages
@ -154,35 +174,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.languages.outputs.matrix) }}
-    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 60 }}
    steps:
      - name: Maximize build space
        if: >-
          runner.os == 'Linux' &&
          matrix.language == 'cpp'
        uses: easimon/maximize-build-space@v10
        with:
          root-reserve-mb: 30720
          remove-dotnet: ${{ (matrix.language == 'csharp' && 'false') || 'true' }}
          remove-android: 'true'
          remove-haskell: 'true'
          remove-codeql: 'false'
          remove-docker-images: 'true'
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Setup msys2
        if: >-
          runner.os == 'Windows' &&
          matrix.language == 'cpp'
        uses: msys2/setup-msys2@v2
        with:
          msystem: ucrt64
          update: true
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
@ -200,22 +198,11 @@ jobs:
              - build
              - node_modules
              - third-party
-
+          build-mode: ${{ matrix.build-mode || 'none' }}
      # Pre autobuild
      # create a file named .codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh in the root of your repository
      - name: Prebuild
        id: prebuild
        run: |
          # check if prebuild script exists
          filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh"
          if [ -f "./${filename}" ]; then
            echo "Running prebuild script: ${filename}"
            ./${filename}
          fi
      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
      - name: Autobuild
-        if: steps.prebuild.outputs.skip_autobuild != 'true'
+        if: matrix.build-mode == 'autobuild'
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis