Windows CI for Java #10897
name: CodeQL

# Triggers: pushes and pull requests that target main or a version/release
# branch, a weekly scheduled scan, and manual runs.
on:
  push:
    branches:
      - 'main'
      - 'v.?[0-9]+.[0-9]+.[0-9]+'
      - 'v.?[0-9]+.[0-9]+'
      - 'v?[0-9]+.[0-9]+.[0-9]+'
      - 'v?[0-9]+.[0-9]+'
      - 'release-*'
  pull_request:
    # Same branch filter as the push trigger; here it applies to the PR's base branch.
    branches:
      - 'main'
      - 'v.?[0-9]+.[0-9]+.[0-9]+'
      - 'v.?[0-9]+.[0-9]+'
      - 'v?[0-9]+.[0-9]+.[0-9]+'
      - 'v?[0-9]+.[0-9]+'
      - 'release-*'
  schedule:
    # Minute 37, hour 18, day-of-week 6: a weekly scan even when nothing was pushed.
    - cron: '37 18 * * 6'
  workflow_dispatch:
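jobs:
  # Run CodeQL analysis for each language in the matrix below.
  analyze:
    name: "Analyze (${{ matrix.language }})"
    # No matrix entry uses 'swift', so every leg currently resolves to ubuntu-latest.
    runs-on: "${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}"
    # A job-level permissions block sets every scope not listed here to "none",
    # so the job token can upload code-scanning results and nothing else.
    # NOTE(review): a private repository would also need `contents: read` for checkout.
    permissions:
      security-events: write
    strategy:
      # One language failing must not cancel the scans of the others.
      fail-fast: false
      matrix:
        include:
          # build-mode "manual": the build steps below run between init and analyze.
          # build-mode "none": the sources are analysed without building them.
          - language: go
            build-mode: manual
          - language: java-kotlin
            build-mode: manual
          - language: javascript-typescript
            build-mode: none
          - language: python
            build-mode: none
          - language: rust
            build-mode: none
          - language: c-cpp
            build-mode: manual
          - language: actions
            build-mode: none
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag (@v4, @v3).
      # Pinning each one to a full commit SHA stops a moved tag from changing what runs.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Later steps execute repository build scripts (cargo, make, gradle),
          # also for pull requests; keep the job token out of .git/config.
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: "${{ matrix.language }}"
          build-mode: "${{ matrix.build-mode }}"
          config-file: .github/codeql/codeql-config.yml

      # C++ Build
      # NOTE(review): the c-cpp leg builds through cargo; presumably the C/C++ code is
      # compiled as part of the Rust build in glide-core - confirm.
      - name: Build C++ components
        if: matrix.language == 'c-cpp'
        shell: bash
        working-directory: glide-core
        run: cargo build --release

      # Go Build
      - name: Install protoc-gen-go
        if: matrix.language == 'go'
        shell: bash
        env:
          # Placeholder: the page this workflow was copied from shows the
          # `protoc-gen-go@<version>` argument as "[email protected]", so the pinned
          # version cannot be recovered here. Restore the project's pin before use.
          PROTOC_GEN_GO_VERSION: "REPLACE_WITH_PINNED_VERSION"
        run: |
          # Ensure Go bin directory is in PATH
          export PATH="$PATH:$(go env GOPATH)/bin"
          # Install only when the plugin is not already on PATH
          if command -v protoc-gen-go > /dev/null 2>&1; then
            echo "protoc-gen-go already installed: $(protoc-gen-go --version)"
          else
            echo "Installing protoc-gen-go..."
            go install "google.golang.org/protobuf/cmd/protoc-gen-go@${PROTOC_GEN_GO_VERSION}"
          fi

      # Shared by the Go and Java/Kotlin legs, which previously carried two
      # identical copies of this script.
      - name: Install protoc compiler
        if: matrix.language == 'go' || matrix.language == 'java-kotlin'
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Quoted so YAML keeps it a string rather than a float.
          PROTOC_VERSION: "29.1"
        run: |
          # Skip the download when protoc is present and reports the wanted version.
          # -F: match the version literally ("." would otherwise match any character).
          if command -v protoc > /dev/null 2>&1 &&
            protoc --version | grep -qF "$PROTOC_VERSION"; then
            echo "protoc already installed: $(protoc --version)"
          else
            echo "Installing protoc ${PROTOC_VERSION}..."
            archive="protoc-${PROTOC_VERSION}-linux-x86_64.zip"
            url="https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/${archive}"
            # Add authentication header if token is available
            auth_header=()
            if [ -n "${GITHUB_TOKEN:-}" ]; then
              auth_header=(-H "Authorization: Bearer ${GITHUB_TOKEN}")
            fi
            # --fail: an HTTP error must stop the step instead of leaving an
            # error page on disk under the archive's name.
            curl --fail --location --remote-name "${auth_header[@]}" "$url"
            # NOTE(review): the archive is unpacked into /usr/local as root without an
            # integrity check. Record the release's SHA-256 and verify it first, e.g.
            #   echo "<EXPECTED_SHA256>  ${archive}" | sha256sum --check --strict
            # -o: overwrite without prompting, so replacing an older protoc under
            # /usr/local cannot stall a non-interactive runner.
            sudo unzip -o "$archive" -d /usr/local
            sudo chmod +x /usr/local/bin/protoc
          fi

      - name: Build Go components
        if: matrix.language == 'go'
        shell: bash
        run: |
          # Ensure Go bin directory is in PATH
          export PATH="$PATH:$(go env GOPATH)/bin"
          # Create minimal lib.h to satisfy CGO imports for CodeQL analysis
          echo "Creating minimal lib.h for CodeQL analysis..."
          printf '%s\n' \
            '// Minimal header for CodeQL analysis' \
            '#ifndef LIB_H' \
            '#define LIB_H' \
            '// Placeholder definitions for CodeQL analysis' \
            '#endif' > go/lib.h
          # Generate protobuf files
          cd go
          make generate-protobuf
          # For CodeQL analysis, we just need the source code available
          # Try to build but don't fail if it can't link with Rust library
          # NOTE(review): the `||` hides every build failure, not only link errors;
          # check the log when Go results look thin.
          echo "Attempting Go build for CodeQL analysis..."
          go build ./... || echo "Go build failed due to missing Rust dependencies, but source code is available for CodeQL analysis"

      # Java/Kotlin Build
      - name: Compile Java/Kotlin components for CodeQL
        if: matrix.language == 'java-kotlin'
        shell: bash
        working-directory: java
        # Build all Java components (skip Rust build for CodeQL analysis)
        run: ./gradlew --build-cache assemble --exclude-task :client:buildRust

      - name: Debug - Verify .class files are produced
        if: matrix.language == 'java-kotlin'
        shell: bash
        run: |
          # find exits 0 even when nothing matches, so test its output rather than
          # its exit status. `|| true` keeps this step best-effort if find itself fails.
          class_files="$(find java -name '*.class' || true)"
          if [ -z "$class_files" ]; then
            # Surface an empty build as an annotation: a scan over zero classes
            # would otherwise look like a clean result.
            echo "::warning::No .class files found!"
            class_count=0
          else
            printf '%s\n' "$class_files"
            class_count="$(printf '%s\n' "$class_files" | wc -l)"
          fi
          echo "Total .class files: ${class_count}"

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          # One category per matrix leg keeps each language's results separate.
          category: "/language:${{matrix.language}}"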