name: "AqlProfile CodeQL Advanced" on: push: branches: - develop paths: - 'projects/aqlprofile/**' pull_request: paths: - 'projects/aqlprofile/**' schedule: - cron: '0 0 * * *' env: EXCLUDED_PATHS: "" jobs: analyze: name: Analyze (${{ matrix.language }}) # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources # - https://gh.io/using-larger-runners (GitHub.com only) # Consider using larger runners or machines with greater resources for possible analysis time improvements. runs-on: ubuntu-latest container: rocm/dev-ubuntu-22.04:latest permissions: # required for all workflows security-events: write # required to fetch internal or private CodeQL packs packages: read # only required for workflows in private repositories actions: read contents: read strategy: fail-fast: false matrix: include: - language: c-cpp build-mode: manual - language: python build-mode: none - language: actions build-mode: none steps: - name: Install OS requirements timeout-minutes: 10 shell: bash run: | sudo apt update sudo apt install -y software-properties-common sudo apt-add-repository ppa:git-core/ppa sudo apt-get update sudo apt install -y git - name: Checkout repository uses: actions/checkout@v4 with: sparse-checkout: | projects/aqlprofile .github/workflows/aqlprofile-code-ql.yml - name: Configure Git Safe Directory shell: bash run: | cd projects/aqlprofile git config --global --add safe.directory '*' git config --global --add safe.directory '/__w/rocm-systems/rocm-systems' - if: matrix.build-mode == 'manual' name: Install requirements timeout-minutes: 10 shell: bash run: | cd projects/aqlprofile git config --global --add safe.directory '*' apt-get update apt-get install -y build-essential cmake g++-11 g++-12 python3-pip libdw-dev rocm-llvm-dev libgtest-dev libgmock-dev update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 10 --slave /usr/bin/g++ g++ /usr/bin/g++-11 --slave /usr/bin/gcov gcov /usr/bin/gcov-11 update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 20 --slave /usr/bin/g++ g++ /usr/bin/g++-12 --slave /usr/bin/gcov gcov /usr/bin/gcov-12 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} queries: security-extended # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality # If the analyze step fails for one of the languages you are analyzing with # "We were unable to automatically build your code", modify the matrix above # to set the build mode to "manual" for that language. Then modify this step # to build your code. # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - if: matrix.build-mode == 'manual' name: Configure and Build timeout-minutes: 30 shell: bash run: | cd projects/aqlprofile cmake -B /tmp/build -DGPU_TARGETS='gfx906,gfx90a,gfx942,gfx1101,gfx1201' -DCMAKE_PREFIX_PATH=/opt/rocm cmake --build /tmp/build --target all --parallel 16 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}"