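---
# CodeQL code-scanning workflow: analyzes C/C++ (manual build), Python and the
# GitHub Actions workflow files on pushes and pull requests to amd-staging,
# and on manual dispatch.
name: "CodeQL Advanced Analysis"

on:
  workflow_dispatch:
  pull_request:
    branches:
      - amd-staging
    paths-ignore:
      - '*.md'
      - 'source/docs/**'
      - 'CODEOWNERS'
  push:
    branches:
      - amd-staging
    paths-ignore:
      - '*.md'
      - 'source/docs/**'
      - 'CODEOWNERS'

env:
  ROCM_PATH: "/opt/rocm"
  GPU_TARGETS: "gfx900 gfx906 gfx908 gfx90a gfx940 gfx941 gfx942 gfx1030 gfx1100 gfx1101 gfx1102"
  # NOTE(review): workflow-level `env` values are not shell-expanded, so
  # `$PATH` here is most likely passed through as a literal string rather
  # than the runner's existing PATH. If the intent is to prepend /usr/bin,
  # append it to the $GITHUB_PATH file in a step instead - confirm.
  PATH: "/usr/bin:$PATH"
  # Space-separated list; removed after the build (see "Configure and Build").
  EXCLUDED_PATHS: "external /tmp/build/external"

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    # Runner size impacts CodeQL analysis time. To learn more, please see:
    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
    #   - https://gh.io/supported-runners-and-hardware-resources
    #   - https://gh.io/using-larger-runners (GitHub.com only)
    # Consider using larger runners or machines with greater resources for
    # possible analysis time improvements.
    #
    # NOTE(review): this is a custom runner label and the job also runs on
    # `pull_request`, where the steps below install packages and build the
    # checked-out code. Confirm that the runners are ephemeral and that
    # pull requests from forks need approval before workflows run.
    runs-on: gpuless-emu-runner-set
    # Least-privilege token scopes for this job; anything not listed is denied.
    permissions:
      # required for all workflows
      security-events: write

      # required to fetch internal or private CodeQL packs
      packages: read

      # only required for workflows in private repositories
      actions: read
      contents: read

    strategy:
      # Let the remaining languages finish even if one analysis fails.
      fail-fast: false
      matrix:
        include:
          - language: cpp
            build-mode: manual
          - language: python
            build-mode: none
          - language: actions
            build-mode: none

    steps:
      # NOTE(review): the actions in this job are pinned to mutable major-version
      # tags. Pinning each `uses:` to a full commit SHA (with the tag kept in a
      # trailing comment) keeps a moved tag from changing what runs here.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches with git credentials, so do not
          # leave the job token in .git/config where the build steps
          # (pip install, cmake) could read it.
          persist-credentials: false

      - name: Install requirements
        timeout-minutes: 10
        shell: bash
        run: |
          # NOTE(review): '*' turns off git's repository-ownership check for
          # every directory on the runner. If only the checkout needs it,
          # "$GITHUB_WORKSPACE" is the narrower value - confirm against the
          # build's own git usage before changing.
          git config --global --add safe.directory '*'
          apt-get update
          apt-get install -y \
            build-essential cmake g++-11 g++-12 python3-pip \
            libdw-dev libsqlite3-dev rccl-dev rccl-unittests
          # Register both toolchains; gcc-12 has the higher priority (20 vs 10).
          update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 10 \
            --slave /usr/bin/g++ g++ /usr/bin/g++-11 \
            --slave /usr/bin/gcov gcov /usr/bin/gcov-11
          update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 20 \
            --slave /usr/bin/g++ g++ /usr/bin/g++-12 \
            --slave /usr/bin/gcov gcov /usr/bin/gcov-12
          # requirements.txt comes from the checked-out ref, so on pull
          # requests the packages installed here are chosen by the PR.
          python3 -m pip install -r requirements.txt

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          queries: security-extended

      # Runs for every matrix entry, including the `build-mode: none` ones;
      # the `rm` at the end therefore applies to all three analyses.
      - name: Configure and Build
        timeout-minutes: 30
        shell: bash
        run: |
          cmake -B /tmp/build -DCMAKE_PREFIX_PATH=/opt/rocm -DPython3_EXECUTABLE="$(which python3)" .
          cmake --build /tmp/build --target all --parallel 16
          # Word splitting is intentional: EXCLUDED_PATHS is a space-separated
          # list. `--` stops an entry starting with '-' being read as an option.
          rm -rf -- ${EXCLUDED_PATHS}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"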