From b951c8f2052c63e122648c95ee58d6c12d164271 Mon Sep 17 00:00:00 2001
From: saso badovinac
Date: Fri, 16 May 2025 12:10:12 +0200
Subject: [PATCH] Update codeql.yml

Change the cpp dependencies install to ./package/ubuntu/install-apt-packages.sh (cpp scan is still disabled) and activate the extended security queries
---
 .github/workflows/codeql.yml | 73 +++---------------------------------
 1 file changed, 6 insertions(+), 67 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 5bfe0b9664..8a954f4e5d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -89,72 +89,7 @@ jobs:
 # Install FreeCAD dependencies (cpp)
 - name: Setup build environment
 if: ${{ matrix.language == 'c-cpp' }}
- run: |
- sudo apt-get update -qq
- sudo apt-get install -y --no-install-recommends \
- doxygen \
- graphviz \
- imagemagick \
- libboost-date-time-dev \
- libboost-dev \
- libboost-filesystem-dev \
- libboost-graph-dev \
- libboost-iostreams-dev \
- libboost-program-options-dev \
- libboost-python-dev \
- libboost-regex-dev \
- libboost-serialization-dev \
- libboost-thread-dev \
- libcoin-dev \
- libeigen3-dev \
- libfmt-dev \
- libgts-bin \
- libgts-dev \
- libkdtree++-dev \
- libmedc-dev \
- libmetis-dev \
- libocct-data-exchange-dev \
- libocct-ocaf-dev \
- libocct-visualization-dev \
- libopencv-dev \
- libproj-dev \
- libpcl-dev \
- libpyside2-dev \
- libqt5opengl5-dev \
- libqt5svg5-dev \
- libqt5x11extras5-dev \
- libshiboken2-dev \
- libspnav-dev \
- libvtk9-dev \
- libx11-dev \
- libxerces-c-dev \
- libyaml-cpp-dev \
- libzipios++-dev \
- netgen \
- netgen-headers \
- occt-draw \
- pybind11-dev \
- pyqt5-dev-tools \
- pyside2-tools \
- python3-dev \
- python3-git \
- python3-markdown \
- python3-matplotlib \
- python3-netgen \
- python3-packaging \
- python3-pivy \
- python3-ply \
- python3-pyside2.qtcore \
- python3-pyside2.qtgui \
- python3-pyside2.qtnetwork \
- python3-pyside2.qtsvg \
- python3-pyside2.qtwidgets \
- qtbase5-dev \
- qttools5-dev \
- shiboken2 \
- swig \
- xvfb \
- jq
+ run: ./package/ubuntu/install-apt-packages.sh
 # Add any setup steps before running the `github/codeql-action/init` action.
 # This includes steps like installing compilers or runtimes (`actions/setup-node`
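Review bot: The new `run: ./package/ubuntu/install-apt-packages.sh` leaves implicit what the removed inline commands spelled out. The script has to be present in the workspace (so a checkout step must run before this one), it has to carry the executable bit, and it has to elevate itself, since the removed lines called `sudo apt-get` directly. None of that is visible in this hunk, so confirm it before the `c-cpp` matrix entry is re-enabled; a comment above the step such as `# Requires a prior checkout; the script is expected to call sudo itself` would record the assumption. The step also now runs whichever version of the script the analysed ref contains, so if this workflow is triggered by pull requests, changes to that script execute inside this job and the job's token permissions should stay minimal.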
@@ -173,9 +108,13 @@ jobs:
 # Prefix the list here with "+" to use these queries and those in the config file.
 # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- # queries: security-extended
+ queries: security-extended
 # queries: security-and-quality
+
+ # Change the CodeQL Bundle version
 # tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.7/codeql-bundle-linux64.tar.gz
+
+ # Add exclusions
 config: |
 query-filters:
 - exclude:
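Review bot: `queries: security-extended` is added without the `+` prefix described by the comment at the top of this hunk, so by that comment it is used instead of, not in addition to, any queries named in the configuration. The inline `config:` block begins at the end of the hunk and only its `query-filters` key is visible, so whether it names queries or packs of its own cannot be checked from here. If the combined set is intended, write `queries: +security-extended`. The extended suite also includes lower-precision queries than the default one, so the `exclude` list under `# Add exclusions` is worth re-checking against the first run's results, with a short comment stating why each rule is filtered out.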