2 files changed, 122 insertions, 0 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..56b38cb71
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,51 @@
+name: Build CI
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: install dependencies
+      run: sudo apt-get install gcc-10 libapparmor-dev libselinux1-dev
+    - name: configure
+      run: CC=gcc-10 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
+    - name: make
+      run: make
+  build-clang:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: configure
+      run: CC=clang-10 ./configure --enable-fatal-warnings
+    - name: make
+      run: make
+  scan-build:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: install clang-tools-10
+      run: sudo apt-get install clang-tools-10
+    - name: configure
+      run: CC=clang-10 ./configure --enable-fatal-warnings
+    - name: scan-build
+      run: NO_EXTRA_CFLAGS="yes" scan-build-10 --status-bugs make
+  cppcheck:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: install cppcheck
+      run: sudo apt-get install cppcheck
+    - name: cppcheck
+      run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
+  profile-sort:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: check profiles
+      run: ./contrib/sort.py etc/*/{*.inc,*.net,*.profile}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..a37bbb5c7
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: '0 7 * * 2'
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        language: ['cpp', 'python']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file. 
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+    #- run: |
+    #   make bootstrap
+    #   make release
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..56b38cb71 --- /dev/null +++ b/.github/workflows/build.yml
@@ -0,0 +1,51 @@
	1	name: Build CI
	2
	3	on:
	4	push:
	5	branches: [ master ]
	6	pull_request:
	7	branches: [ master ]
	8
	9	jobs:
	10	build:
	11	runs-on: ubuntu-20.04
	12	steps:
	13	- uses: actions/checkout@v2
	14	- name: install dependencies
	15	run: sudo apt-get install gcc-10 libapparmor-dev libselinux1-dev
	16	- name: configure
	17	run: CC=gcc-10 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
	18	- name: make
	19	run: make
	20	build-clang:
	21	runs-on: ubuntu-20.04
	22	steps:
	23	- uses: actions/checkout@v2
	24	- name: configure
	25	run: CC=clang-10 ./configure --enable-fatal-warnings
	26	- name: make
	27	run: make
	28	scan-build:
	29	runs-on: ubuntu-20.04
	30	steps:
	31	- uses: actions/checkout@v2
	32	- name: install clang-tools-10
	33	run: sudo apt-get install clang-tools-10
	34	- name: configure
	35	run: CC=clang-10 ./configure --enable-fatal-warnings
	36	- name: scan-build
	37	run: NO_EXTRA_CFLAGS="yes" scan-build-10 --status-bugs make
	38	cppcheck:
	39	runs-on: ubuntu-20.04
	40	steps:
	41	- uses: actions/checkout@v2
	42	- name: install cppcheck
	43	run: sudo apt-get install cppcheck
	44	- name: cppcheck
	45	run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
	46	profile-sort:
	47	runs-on: ubuntu-20.04
	48	steps:
	49	- uses: actions/checkout@v2
	50	- name: check profiles
	51	run: ./contrib/sort.py etc//{.inc,.net,.profile}


diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 000000000..a37bbb5c7 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
	1	# For most projects, this workflow file will not need changing; you simply need
	2	# to commit it to your repository.
	3	#
	4	# You may wish to alter this file to override the set of languages analyzed,
	5	# or to provide custom queries or build logic.
	6	name: "CodeQL"
	7
	8	on:
	9	push:
	10	branches: [master]
	11	pull_request:
	12	# The branches below must be a subset of the branches above
	13	branches: [master]
	14	schedule:
	15	- cron: '0 7 * * 2'
	16
	17	jobs:
	18	analyze:
	19	name: Analyze
	20	runs-on: ubuntu-latest
	21
	22	strategy:
	23	fail-fast: false
	24	matrix:
	25	# Override automatic language detection by changing the below list
	26	# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
	27	language: ['cpp', 'python']
	28	# Learn more...
	29	# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
	30
	31	steps:
	32	- name: Checkout repository
	33	uses: actions/checkout@v2
	34	with:
	35	# We must fetch at least the immediate parents so that if this is
	36	# a pull request then we can checkout the head.
	37	fetch-depth: 2
	38
	39	# If this run was triggered by a pull request event, then checkout
	40	# the head of the pull request instead of the merge commit.
	41	- run: git checkout HEAD^2
	42	if: ${{ github.event_name == 'pull_request' }}
	43
	44	# Initializes the CodeQL tools for scanning.
	45	- name: Initialize CodeQL
	46	uses: github/codeql-action/init@v1
	47	with:
	48	languages: ${{ matrix.language }}
	49	# If you wish to specify custom queries, you can do so here or in a config file.
	50	# By default, queries listed here will override any specified in a config file.
	51	# Prefix the list here with "+" to use these queries and those in the config file.
	52	# queries: ./path/to/local/query, your-org/your-repo/queries@main
	53
	54	# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
	55	# If this step fails, then you should remove it and run the build manually (see below)
	56	- name: Autobuild
	57	uses: github/codeql-action/autobuild@v1
	58
	59	# ℹ️ Command-line programs to run using the OS shell.
	60	# 📚 https://git.io/JvXDl
	61
	62	# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
	63	# and modify them (or add more) to build your code if your project
	64	# uses a compiled language
	65
	66	#- run: \|
	67	# make bootstrap
	68	# make release
	69
	70	- name: Perform CodeQL Analysis
	71	uses: github/codeql-action/analyze@v1