ci: Add CodeQL analysis workflow for enhanced security scanning #16
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2023 The DigiByte Core developers | |
| # Distributed under the MIT software license, see the accompanying | |
| # file COPYING or http://www.opensource.org/licenses/mit-license.php. | |
| name: DigiByte CI | |
| concurrency: | |
| group: ${{ github.event_name != 'pull_request' && github.run_id || github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| pull_request: | |
| branches: [develop, master] | |
| env: | |
| CI_FAILFAST_TEST_LEAVE_DANGLING: 1 # GHA does not care about dangling processes and setting this variable avoids killing the CI script itself on error | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Cache pip | |
| id: cache-pip | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/pip | |
| ~/.cache/pip3 | |
| key: v1-${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} | |
| restore-keys: v1-${{ runner.os }}-pip- | |
| - name: Cache BerkeleyDB | |
| id: cache-db4 | |
| uses: actions/cache@v3 | |
| with: | |
| path: db4 | |
| key: v1-${{ runner.os }}-db4-${{ hashFiles('contrib/install_db4.sh') }} | |
| restore-keys: v1-${{ runner.os }}-db4- | |
| - name: Cache depends build | |
| id: cache-depends | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| depends/built | |
| depends/sources | |
| depends/sdk-sources | |
| depends/work | |
| depends/x86_64-linux-gnu | |
| key: v1-${{ runner.os }}-depends-${{ hashFiles('depends/Makefile') }} | |
| restore-keys: | | |
| v1-${{ runner.os }}-depends- | |
| - name: Install Build Dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential libtool autotools-dev automake pkg-config python3 \ | |
| libssl-dev bsdmainutils libevent-dev \ | |
| libboost-dev libboost-system-dev libboost-filesystem-dev libboost-test-dev \ | |
| libsqlite3-dev \ | |
| libqt5gui5 libqt5core5a libqt5dbus5 qttools5-dev qttools5-dev-tools \ | |
| libqrencode-dev python3-zmq | |
| - name: Install Python Packages | |
| if: steps.cache-pip.outputs.cache-hit != 'true' | |
| run: | | |
| pip3 install pypandoc digibyte_scrypt pyzmq | |
| - name: Install BerkeleyDB | |
| if: steps.cache-db4.outputs.cache-hit != 'true' | |
| run: | | |
| ./contrib/install_db4.sh `pwd` --enable-cxx | |
| - name: Build Dependencies | |
| if: steps.cache-depends.outputs.cache-hit != 'true' | |
| run: | | |
| cd depends | |
| make -j$(nproc) HOST=x86_64-linux-gnu | |
| cd .. | |
| - name: Configure and Build | |
| run: | | |
| ./autogen.sh | |
| CONFIG_SITE=$PWD/depends/x86_64-linux-gnu/share/config.site ./configure --with-bdb --with-sqlite --with-gui=yes --with-zmq | |
| make -j$(nproc) | |
| - name: Run Tests | |
| run: make check -j$(nproc) | |
| - name: Upload Test Suite Log | |
| uses: actions/upload-artifact@v3 | |
| if: failure() | |
| with: | |
| name: test-suite-log | |
| path: test-suite.log |