diff options
Diffstat (limited to '.github/workflows/check-c.yml')
| -rw-r--r-- | .github/workflows/check-c.yml | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index 16e034d48..b1bda3bd4 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml | |||
| @@ -43,9 +43,10 @@ permissions: # added using https://github.com/step-security/secure-workflows | |||
| 43 | jobs: | 43 | jobs: |
| 44 | scan-build: | 44 | scan-build: |
| 45 | runs-on: ubuntu-22.04 | 45 | runs-on: ubuntu-22.04 |
| 46 | timeout-minutes: 10 | ||
| 46 | steps: | 47 | steps: |
| 47 | - name: Harden Runner | 48 | - name: Harden Runner |
| 48 | uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | 49 | uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 |
| 49 | with: | 50 | with: |
| 50 | egress-policy: block | 51 | egress-policy: block |
| 51 | allowed-endpoints: > | 52 | allowed-endpoints: > |
| @@ -74,9 +75,10 @@ jobs: | |||
| 74 | 75 | ||
| 75 | cppcheck: | 76 | cppcheck: |
| 76 | runs-on: ubuntu-22.04 | 77 | runs-on: ubuntu-22.04 |
| 78 | timeout-minutes: 10 | ||
| 77 | steps: | 79 | steps: |
| 78 | - name: Harden Runner | 80 | - name: Harden Runner |
| 79 | uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | 81 | uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 |
| 80 | with: | 82 | with: |
| 81 | egress-policy: block | 83 | egress-policy: block |
| 82 | allowed-endpoints: > | 84 | allowed-endpoints: > |
| @@ -101,9 +103,10 @@ jobs: | |||
| 101 | # scan all files also with older cppcheck version from ubuntu 20.04. | 103 | # scan all files also with older cppcheck version from ubuntu 20.04. |
| 102 | cppcheck_old: | 104 | cppcheck_old: |
| 103 | runs-on: ubuntu-20.04 | 105 | runs-on: ubuntu-20.04 |
| 106 | timeout-minutes: 10 | ||
| 104 | steps: | 107 | steps: |
| 105 | - name: Harden Runner | 108 | - name: Harden Runner |
| 106 | uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | 109 | uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 |
| 107 | with: | 110 | with: |
| 108 | egress-policy: block | 111 | egress-policy: block |
| 109 | allowed-endpoints: > | 112 | allowed-endpoints: > |
| @@ -129,10 +132,11 @@ jobs: | |||
| 129 | contents: read | 132 | contents: read |
| 130 | security-events: write | 133 | security-events: write |
| 131 | runs-on: ubuntu-latest | 134 | runs-on: ubuntu-latest |
| 135 | timeout-minutes: 10 | ||
| 132 | 136 | ||
| 133 | steps: | 137 | steps: |
| 134 | - name: Harden Runner | 138 | - name: Harden Runner |
| 135 | uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | 139 | uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 |
| 136 | with: | 140 | with: |
| 137 | disable-sudo: true | 141 | disable-sudo: true |
| 138 | egress-policy: block | 142 | egress-policy: block |
| @@ -150,7 +154,7 @@ jobs: | |||
| 150 | 154 | ||
| 151 | # Initializes the CodeQL tools for scanning. | 155 | # Initializes the CodeQL tools for scanning. |
| 152 | - name: Initialize CodeQL | 156 | - name: Initialize CodeQL |
| 153 | uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 | 157 | uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 |
| 154 | with: | 158 | with: |
| 155 | languages: cpp | 159 | languages: cpp |
| 156 | 160 | ||
| @@ -161,4 +165,4 @@ jobs: | |||
| 161 | run: make -j "$(nproc)" | 165 | run: make -j "$(nproc)" |
| 162 | 166 | ||
| 163 | - name: Perform CodeQL Analysis | 167 | - name: Perform CodeQL Analysis |
| 164 | uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 | 168 | uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 |