-
Notifications
You must be signed in to change notification settings - Fork 218
122 lines (106 loc) · 4.54 KB
/
codeql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# SPDX-FileCopyrightText: Copyright (c) 2022-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: LicenseRef-NvidiaProprietary
#
# NVIDIA CORPORATION, its affiliates and licensors retain all intellectual
# property and proprietary rights in and to this material, related
# documentation and any modifications thereto. Any use, reproduction,
# disclosure or distribution of this material and related documentation
# without an express license agreement from NVIDIA CORPORATION or
# its affiliates is strictly prohibited.
name: "CodeQL"
on:
push:
branches: [ "main", "release_v*" ]
pull_request:
branches: [ "main", "release_v*" ]
schedule:
- cron: '28 22 * * 1'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-20.04-64core
timeout-minutes: 360
permissions:
actions: write
contents: write
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'c-cpp', 'javascript-typescript', 'python' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
lfs: true
submodules: 'recursive'
- if: matrix.language == 'c-cpp'
name: Setup environment
run: |
sudo apt update -y && sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y && \
sudo apt update -y && sudo apt install -y --no-install-recommends \
git git-lfs gcc-11 g++-11 ninja-build ccache libgtest-dev libgmock-dev \
shellcheck curl doxygen python3 python3-pip python3-dev python3-distutils \
texlive-latex-extra ghostscript graphviz \
&& curl -L https://cmake.org/files/v3.20/cmake-3.20.1-linux-x86_64.tar.gz --output /tmp/cmake-3.20.1.tar.gz \
&& tar -xzf /tmp/cmake-3.20.1.tar.gz -C /tmp/ && sudo cp -r /tmp/cmake-3.20.1-linux-x86_64/bin/ /usr/local/ \
&& sudo cp -r /tmp/cmake-3.20.1-linux-x86_64/share/ /usr/local/ && sudo cp -r /tmp/cmake-3.20.1-linux-x86_64/doc/ /usr/local/ \
&& rm -rf /tmp/cmake-3.20.1*
- if: matrix.language == 'c-cpp'
name: Install Python Dependencies
run: |
sudo apt update -y && sudo apt install -y --no-install-recommends \
python3 python3-pip python3-dev python3-distutils doxygen && sudo rm -rf /var/lib/apt/lists/* \
&& python3 -m pip install sphinx-rtd-theme sphinx breathe recommonmark graphviz \
&& python3 -m pip install numpy==1.24.1 patchelf==0.17.2.1
- if: matrix.language == 'c-cpp'
name: Install CUDA Toolkit
uses: Jimver/[email protected]
id: cuda-toolkit
with:
cuda: '11.7.1'
linux-local-args: '["--toolkit"]'
- if: matrix.language == 'c-cpp'
name: Verify CUDA installation
run: |
echo "Installed CUDA version is: ${{ steps.cuda-toolkit.outputs.cuda }}"
echo "CUDA install location: ${{ steps.cuda-toolkit.outputs.CUDA_PATH }}"
sudo ln -s ${{ steps.cuda-toolkit.outputs.CUDA_PATH }}/lib64/libcudart.so \
/usr/lib/x86_64-linux-gnu/libcuda.so
nvcc -V
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
- if: matrix.language != 'c-cpp'
name: Autobuild
uses: github/codeql-action/autobuild@v3
- if: matrix.language == 'c-cpp'
name: Build CMake project
run: |
echo "Running CMake project build script"
./ci/build.sh debug build "-DBUILD_SAMPLES=OFF -DBUILD_TESTS=OFF -DBUILD_PYTHON=ON" $*
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
- if: matrix.language == 'c-cpp' && github.event_name == 'push'
name: Build Docs and Clean up Sphinx Build Directory
run: |
./ci/build.sh debug build "-DBUILD_SAMPLES=OFF -DBUILD_TESTS=OFF -DBUILD_DOCS=ON -DBUILD_PYTHON=ON -DPYTHON_VERSIONS=3.8" $*
find build/docs/sphinx -name '*.doctree' -delete
find build/docs/sphinx -name '*.map' -delete
find build/docs/sphinx -name '*.pickle' -delete
find build/docs/sphinx -name '*.inv' -delete
find build/docs/sphinx -name '*.gz' -delete
- if: matrix.language == 'c-cpp' && github.event_name == 'push'
name: Create .nojekyll file
run: touch build/docs/sphinx/.nojekyll
- if: matrix.language == 'c-cpp' && github.event_name == 'push'
name: Deploy to GitHub Pages
uses: JamesIves/github-pages-deploy-action@v4
with:
folder: build/docs/sphinx
branch: gh-pages
clean: true