name: "CodeQL" on: workflow_dispatch: push: branches: [ 'codeql' ] pull_request: # The branches below must be a subset of the branches above. branches: [ 'master' ] paths: - '**.c' - '**.cpp' - '**.h' schedule: - cron: '33 7 * * 6' jobs: analyze: name: Analyze ${{ matrix.configuration }}-${{ matrix.platform }} runs-on: windows-2019 timeout-minutes: 45 permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: platform2: [ Win32, x64 ] include: - platform: x64 configuration: SbieRelease language: [ 'cpp' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Use only 'java' to analyze code written in Java, Kotlin or both. # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both. # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: 'Cleanup build folder' run: | rm ${{ github.workspace }}\* -r -Force - name: Checkout repository uses: actions/checkout@v3 - name: Setup msbuild uses: microsoft/setup-msbuild@v1 # Qt 6 is only required for ARM64 build currently. # - name: Install Qt6 x64 # uses: jurplel/install-qt-action@v3 # with: # version: '6.3.1' # arch: 'win64_msvc2019_64' - name: Install Qt5 x64 uses: jurplel/install-qt-action@v3 with: version: '5.15.2' arch: 'win64_msvc2019_64' cache: true - name: Installing Jom run: SandboxiePlus\install_jom.cmd # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/codeql-config.yml # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - name: Build Sandboxie run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=${{ matrix.platform2 }} - name: Build Sandboxie-Plus x64 run: SandboxiePlus\qmake_plus.cmd ${{ matrix.platform }} - name: Build SbieShell x64 run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=${{ matrix.platform }} - name: Build Sandboxie-Tools x64 run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=${{ matrix.platform }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 with: category: "/language:${{matrix.language}}"