name: rocprofiler-sdk Advanced Analysis

on:
  workflow_dispatch:
  pull_request:
    paths:
      - '.github/workflows/rocprofiler-sdk-codeql.yml'
      - 'projects/rocprofiler-sdk/**'
      - '!**/*.md'
      - '!**/*.rtf'
      - '!**/*.rst'
      - '!**/.markdownlint-ci2.yaml'
      - '!**/.readthedocs.yaml'
      - '!**/.spellcheck.local.yaml'
      - '!**/.wordlist.txt'
      - '!projects/rocprofiler-sdk/CODEOWNERS'
      - '!projects/rocprofiler-sdk/source/docs/**'

  push:
    branches:
      - develop
    paths:
      - '.github/workflows/rocprofiler-sdk-codeql.yml'
      - 'projects/rocprofiler-sdk/**'
      - '!**/*.md'
      - '!**/*.rtf'
      - '!**/*.rst'
      - '!**/.markdownlint-ci2.yaml'
      - '!**/.readthedocs.yaml'
      - '!**/.spellcheck.local.yaml'
      - '!**/.wordlist.txt'
      - '!projects/rocprofiler-sdk/CODEOWNERS'
      - '!projects/rocprofiler-sdk/source/docs/**'

env:
  ROCM_PATH: "/opt/rocm"
  GPU_TARGETS: "gfx906;gfx908;gfx90a;gfx942;gfx950;gfx1030;gfx1100;gfx1101;gfx1102;gfx1201"
  PATH: "/usr/bin:$PATH"
  EXCLUDED_PATHS: "external /tmp/build/external"
  GLOBAL_CMAKE_OPTIONS: "-DROCPROFILER_INTERNAL_RCCL_API_TRACE=ON"
  ENABLE_HIP_CLR_BUILD: "false"

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    # Runner size impacts CodeQL analysis time. To learn more, please see:
    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
    #   - https://gh.io/supported-runners-and-hardware-resources
    #   - https://gh.io/using-larger-runners (GitHub.com only)
    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
    runs-on: ubuntu-latest

    container: rocm/dev-ubuntu-22.04:latest
    permissions:
      # required for all workflows
      security-events: write

      # required to fetch internal or private CodeQL packs
      packages: read

      # only required for workflows in private repositories
      actions: read
      contents: read

    strategy:
      fail-fast: false
      matrix:
        include:
        # cpp analysis disabled - takes too long and frequently times out
        # - language: cpp
        #   build-mode: manual
        - language: python
          build-mode: none
        - language : actions
          build-mode: none
    steps:
    - name: Install requirements
      timeout-minutes: 10
      shell: bash
      env:
        DEBIAN_FRONTEND: noninteractive
      run: |
        sudo apt update -y
        sudo apt upgrade -y
        sudo apt install -y software-properties-common wget rocm-llvm-dev
        sudo apt-add-repository ppa:git-core/ppa
        wget https://repo.radeon.com/rocm/rocm.gpg.key -O - | gpg --dearmor | sudo tee /etc/apt/keyrings/rocm.gpg > /dev/null
        sudo tee /etc/apt/sources.list.d/rocm.list << EOF
        deb [arch=amd64 signed-by=/etc/apt/keyrings/rocm.gpg] https://repo.radeon.com/rocm/apt/7.1 jammy main
        deb [arch=amd64 signed-by=/etc/apt/keyrings/rocm.gpg] https://repo.radeon.com/graphics/7.1/ubuntu jammy main
        EOF
        sudo apt update -y
        sudo apt upgrade -y
        sudo apt install -y git build-essential cmake g++-11 g++-12 python3-pip libdw-dev libsqlite3-dev rccl-dev libva-amdgpu-dev rocdecode-dev rocjpeg-dev
        sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 10 --slave /usr/bin/g++ g++ /usr/bin/g++-11 --slave /usr/bin/gcov gcov /usr/bin/gcov-11
        sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 20 --slave /usr/bin/g++ g++ /usr/bin/g++-12 --slave /usr/bin/gcov gcov /usr/bin/gcov-12
        git config --global --add safe.directory '*'

    - uses: actions/checkout@v4
      with:
        sparse-checkout: |
          projects/rocprofiler-sdk
          projects/clr
          projects/hip
          .github/workflows/rocprofiler-sdk-codeql.yml
          .github/workflows/rocprofiler-sdk-formatting.yml
        submodules: 'true'

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        queries: security-extended

    - name: Build and Install HIP
      if: ${{ env.ENABLE_HIP_CLR_BUILD == 'true' }}
      shell: bash
      working-directory: projects
      run: |
        export HIP_DIR=$PWD/hip
        export CLR_DIR=$PWD/clr
        export LD_LIBRARY_PATH=${{ env.ROCM_PATH }}/lib:${{ env.ROCM_PATH }}/llvm/lib:$LD_LIBRARY_PATH
        export PATH=${{ env.ROCM_PATH }}/bin:${{ env.ROCM_PATH }}/llvm/bin:$PATH
        echo "Install HIP..."
        cd $CLR_DIR
        pip install CppHeaderParser
        cmake \
          -DHIP_COMMON_DIR=$HIP_DIR \
          -DCMAKE_BUILD_TYPE=RelWithDebInfo \
          -DHIP_PLATFORM=amd \
          -DCMAKE_PREFIX_PATH='${{ env.ROCM_PATH }};${{ env.ROCM_PATH }}/llvm' \
          -DCMAKE_INSTALL_PREFIX=${{ env.ROCM_PATH }} \
          -DHIP_LLVM_ROOT=${{ env.ROCM_PATH }}/lib/llvm \
          -DHIP_CATCH_TEST=0 \
          -DCLR_BUILD_HIP=ON \
          -DCLR_BUILD_OCL=ON \
          -S $CLR_DIR \
          -B build
        cmake --build build --target all --parallel 8
        cmake --build build --target install
        echo "✅ HIP Installation complete!"

    - name: Configure and Build
      timeout-minutes: 30
      shell: bash
      run: |
        cd projects/rocprofiler-sdk
        python3 -m pip install -r requirements.txt
        cmake -B /tmp/build -DCMAKE_PREFIX_PATH=/opt/rocm ${{ env.GLOBAL_CMAKE_OPTIONS }} -DPython3_EXECUTABLE=$(which python3) .
        cmake --build /tmp/build --target all --parallel 16
        rm -rf ${EXCLUDED_PATHS}

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"