From 720b103df07c0fd61850a4f81acafd41bdf3b658 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 22 Jul 2020 16:12:16 +1200 Subject: [PATCH 01/18] Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 54 +++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000000..9625bba0f06 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,54 @@ +name: "CodeQL" + +on: + push: + branches: [master, SQUID_NT_3_0, cbdatahistory, mswin, v3.0, v3.1, v3.2, v3.3, v3.4, v3.5, v4, v5] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] + schedule: + - cron: '0 5 * * 3' + +jobs: + analyse: + name: Analyse + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + # Override language selection by uncommenting this and choosing your languages + # with: + # languages: go, javascript, csharp, python, cpp, java + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 6e7e1f829fb41f895a0cc52278bf0970825cbbb6 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Tue, 25 May 2021 00:23:06 +1200 Subject: [PATCH 02/18] Update codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
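Review bot: Every `uses:` in this hunk (`actions/checkout@v2`, `github/codeql-action/init@v1`, `autobuild@v1`, `analyze@v1`) references a mutable tag, so the job executes whatever those tags point to on the day it runs, with no way to audit what was pulled in; pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<commit-sha>  # v2`. The later patches that bump these to `v2`/`v3` (the hunks at `@@ -21,13 +21,8 @@`, `@@ -36,4 +31,4 @@`, `@@ -13,20 +13,19 @@` and the new job at `@@ -121,3 +121,33 @@`) keep the same moving-tag form and have the same gap. Since `bootstrap.sh`, `configure` and `make` later run in this job, a compromised action tag would also control the build environment.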
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9625bba0f06..d1e6688423e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -2,7 +2,7 @@ name: "CodeQL" on: push: - branches: [master, SQUID_NT_3_0, cbdatahistory, mswin, v3.0, v3.1, v3.2, v3.3, v3.4, v3.5, v4, v5] + branches: [master, v3.0, v3.1, v3.2, v3.3, v3.4, v3.5, v4, v5] pull_request: # The branches below must be a subset of the branches above branches: [master] From f7f630aa5ea4da842149bf6ea987ca22c03dcc44 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 7 Oct 2022 22:02:18 +1300 Subject: [PATCH 03/18] Remove schedule trigger We do not need to run these checks daily --- .github/workflows/codeql-analysis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d1e6688423e..c870b588834 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -6,8 +6,6 @@ on: pull_request: # The branches below must be a subset of the branches above branches: [master] - schedule: - - cron: '0 5 * * 3' jobs: analyse: From 627084422b97966e3852768a2b1214ee551696fa Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 7 Oct 2022 22:15:30 +1300 Subject: [PATCH 04/18] update build task --- .github/workflows/codeql-analysis.yml | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c870b588834..daf5eb3c7d8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,4 +1,5 @@ name: "CodeQL" +# see https://codeql.github.com/docs/ on: push: 
@@ -25,28 +26,14 @@ jobs: - run: git checkout HEAD^2 if: ${{ github.event_name == 'pull_request' }} - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v1 - # Override language selection by uncommenting this and choosing your languages - # with: - # languages: go, javascript, csharp, python, cpp, java - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release + run: | + ./bootstrap.sh + ./configure + make - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 From 466cb83cfd5c687db03ef77ed447cea262e655d0 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 7 Oct 2022 22:29:13 +1300 Subject: [PATCH 05/18] update to CodeQL v2 --- .github/workflows/codeql-analysis.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index daf5eb3c7d8..d6c491cfe43 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,13 +21,8 @@ jobs: # a pull request then we can checkout the head. fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 - name: Autobuild run: | 
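Review bot: The step keeps the name `Autobuild` but now runs a hand-written `./bootstrap.sh`, `./configure`, `make` sequence, so the name no longer describes what it does; `- name: Build Squid` would be accurate. A bare `./configure` builds the default feature set, and CodeQL's C/C++ extractor only captures code that is actually compiled, so anything behind a configure option that is off by default stays outside the scan; if the goal is maximal coverage, pass the broadest supported configure options here. `make` with no `-j` also leaves the runner's other cores idle.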
@@ -36,4 +31,4 @@ jobs: make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 From c52963cd653ac80f7d1363eaece138ca3a195183 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 7 Oct 2022 22:33:36 +1300 Subject: [PATCH 06/18] Update codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d6c491cfe43..d2dc530218d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,11 +24,9 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v2 - - name: Autobuild - run: | - ./bootstrap.sh - ./configure - make + - run: ./bootstrap.sh + - run: ./configure + - run: make - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 From faecb381627f1bfe3e5c8dc9eb5027c2f8ea443e Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 7 Oct 2022 23:41:46 +1300 Subject: [PATCH 07/18] Remove stable branches for now Issues found by initial analysis need to be fixed and backported before we can try to automatically scan the existing stable branches. --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d2dc530218d..03c2064e865 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -3,7 +3,7 @@ name: "CodeQL" on: push: - branches: [master, v3.0, v3.1, v3.2, v3.3, v3.4, v3.5, v4, v5] + branches: [master] pull_request: # The branches below must be a subset of the branches above branches: [master] From 18e6e9d195da4b693f03a203d398b91cb15c7ad6 Mon Sep 17 00:00:00 2001 
From: Amos Jeffries Date: Wed, 12 Oct 2022 15:58:28 +1300 Subject: [PATCH 08/18] Apply suggestions from code review Co-authored-by: Alex Rousskov --- .github/workflows/codeql-analysis.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 03c2064e865..f4c34b1eeb1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,20 +13,19 @@ jobs: name: Analyse runs-on: ubuntu-latest + permissions: + security-events: write + steps: - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 + uses: actions/checkout@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v2 - run: ./bootstrap.sh - run: ./configure - - run: make + - run: make -j2 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 From 7e315fca2b4ed9c44dad13bbb29b591b566d3ab4 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 12 Oct 2022 16:26:53 +1300 Subject: [PATCH 09/18] merge CodeQL test into default.yaml --- .github/workflows/default.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index 2b078abdbd2..b7d140cfd45 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml 
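Review bot: Declaring `permissions:` at job level with only `security-events: write` sets every other scope, including `contents`, to `none`, and `contents` is what the `actions/checkout@v3` step two lines below relies on to fetch the repository; the CodeQL documentation's reference workflow grants `contents: read` alongside it (and `actions: read` for private repositories). Unless this has been verified to work without it, add `contents: read` under `permissions:`. The same block is introduced into default.yaml by the hunk at `@@ -127,10 +127,11 @@` in patch 13 and has the same gap. `make -j2` hard-codes the parallelism; `make -j"$(nproc)"` follows the runner's core count.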
@@ -121,3 +121,33 @@ jobs: with: name: build-logs-${{ runner.os }} path: btlayer-*.log + + static-analysis: + + strategy: + fail-fast: true + + runs-on: [ ubuntu-22.04 ] + + steps: + + - name: Install Squid prerequisite Linux packages + if: runner.os == 'Linux' + run: | + # required for "apt-get build-dep" to work + sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list + sudo apt-get --quiet=2 update + sudo apt-get --quiet=2 build-dep squid + + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + + - run: | + ./bootstrap.sh + ./test-suite/buildtest.sh check ./test-suite/buildtests/layer-02-maximus.opts + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 From 083cdb03eca77f1a238f75b40c45737a659ed5e9 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 12 Oct 2022 16:28:53 +1300 Subject: [PATCH 10/18] Delete codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 31 --------------------------- 1 file changed, 31 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index f4c34b1eeb1..00000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: "CodeQL" -# see https://codeql.github.com/docs/ - -on: - push: - branches: [master] - pull_request: - # The branches below must be a subset of the branches above - branches: [master] - -jobs: - analyse: - name: Analyse - runs-on: ubuntu-latest - - permissions: - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - - - run: ./bootstrap.sh - - run: ./configure - - run: make -j2 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 From f173fbe82d22e46a18a7ea4c0649b9dd0dcb2945 Mon Sep 17 00:00:00 2001 
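Review bot: The `if: runner.os == 'Linux'` guard on the prerequisite step can never be false because the job pins `runs-on: [ ubuntu-22.04 ]`, and `strategy: fail-fast: true` has no effect without a `matrix`; both read as copied from a matrix job and can be dropped. `github/codeql-action/init@v2` is called without `languages:`, so the language set is auto-detected at run time; `with: languages: cpp` would make the scan explicit and reproducible (if other supported languages in the tree are meant to be scanned, list them as well). The `sudo sed --in-place` on `/etc/apt/sources.list` assumes the classic one-line sources format, which holds for the pinned `ubuntu-22.04` image but will need revisiting if the runner label ever changes.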
From: Amos Jeffries Date: Wed, 12 Oct 2022 16:52:34 +1300 Subject: [PATCH 11/18] Update default.yaml --- .github/workflows/default.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index b7d140cfd45..948a17527ff 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -145,7 +145,8 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v2 - - run: | + - name: Build Squid + run: | ./bootstrap.sh ./test-suite/buildtest.sh check ./test-suite/buildtests/layer-02-maximus.opts From a077699357df8dbace077c6ec45aa2092715fb3f Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 12 Oct 2022 16:55:06 +1300 Subject: [PATCH 12/18] Update default.yaml --- .github/workflows/default.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index 948a17527ff..bac09c36955 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -127,6 +127,8 @@ jobs: strategy: fail-fast: true + security-events: write + runs-on: [ ubuntu-22.04 ] steps: From 922fffbc66c8364ae150d7ebc6109aea545eacb9 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 12 Oct 2022 17:02:10 +1300 Subject: [PATCH 13/18] Update default.yaml --- .github/workflows/default.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index bac09c36955..98a5105500d 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -127,10 +127,11 @@ jobs: strategy: fail-fast: true - security-events: write - runs-on: [ ubuntu-22.04 ] + permissions: + security-events: write + steps: - name: Install Squid prerequisite Linux packages From e54a7130ff90c1a4776b2edfb935043e6a3efb22 Mon Sep 17 00:00:00 2001 
From: Amos Jeffries Date: Tue, 23 May 2023 03:19:50 +1200 Subject: [PATCH 14/18] Update .github/workflows/default.yaml had to go with this because the other names have conflicts Co-authored-by: Alex Rousskov --- .github/workflows/default.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index bc0bd382664..ddd98b4109a 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -121,7 +121,7 @@ jobs: name: build-logs-${{ runner.os }} path: btlayer-*.log - static-analysis: + CodeQL-tests: strategy: fail-fast: true From a07d6c183e7fc09c4ca72e19e1d81338d23316a2 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Tue, 23 May 2023 03:20:05 +1200 Subject: [PATCH 15/18] Update .github/workflows/default.yaml Co-authored-by: Alex Rousskov --- .github/workflows/default.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index ddd98b4109a..19106124960 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -123,9 +123,6 @@ jobs: CodeQL-tests: - strategy: - fail-fast: true - runs-on: [ ubuntu-22.04 ] permissions: From 83a007d228ff4da1d8b38b6bc44f1f8d6e637e69 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 30 Aug 2023 08:19:06 +1200 Subject: [PATCH 16/18] Apply suggestions from code review Co-authored-by: Alex Rousskov --- .github/workflows/default.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index 19106124960..6f8cff04834 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -137,6 +137,7 @@ jobs: sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list sudo apt-get --quiet=2 update sudo apt-get --quiet=2 build-dep squid + sudo apt-get --quiet=2 install linuxdoc-tools - name: Checkout repository uses: actions/checkout@v3 
@@ -147,7 +148,7 @@ jobs: - name: Build Squid run: | ./bootstrap.sh - ./test-suite/buildtest.sh check ./test-suite/buildtests/layer-02-maximus.opts + ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 From 83c994e436d56bdc382d9cb07614e1db887e193c Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 30 Aug 2023 08:22:46 +1200 Subject: [PATCH 17/18] Update default.yaml --- .github/workflows/default.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index 6f8cff04834..6626d9e394c 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -107,7 +107,7 @@ jobs: sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list sudo apt-get --quiet=2 update sudo apt-get --quiet=2 build-dep squid - sudo apt-get --quiet=2 install linuxdoc-tools + sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin - name: Checkout sources uses: actions/checkout@v3 @@ -137,7 +137,7 @@ jobs: sudo sed --in-place -E 's/# (deb-src.*updates main)/ \1/g' /etc/apt/sources.list sudo apt-get --quiet=2 update sudo apt-get --quiet=2 build-dep squid - sudo apt-get --quiet=2 install linuxdoc-tools + sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin - name: Checkout repository uses: actions/checkout@v3 @@ -146,9 +146,7 @@ jobs: uses: github/codeql-action/init@v2 - name: Build Squid - run: | - ./bootstrap.sh - ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts + run: ./test-builds.sh check ./test-suite/buildtests/layer-02-maximus.opts - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 From d9096acba71d2d6c456ac302091b780c97478dd0 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Wed, 30 Aug 2023 08:25:35 +1200 Subject: [PATCH 18/18] Update default.yaml --- .github/workflows/default.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
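Review bot: The prerequisite-install step is now duplicated verbatim in two jobs — the hunks at `@@ -107,7 +107,7 @@` and `@@ -137,7 +137,7 @@` apply the identical one-line change to each copy — so every package addition has to be made twice and the copies will drift; factoring it into a composite action or a shared step called from both jobs keeps them in sync. The third hunk drops `./bootstrap.sh` ahead of `./test-builds.sh`, which presumably runs bootstrap itself; a short comment on the `Build Squid` step stating that would save the next reader from checking the script.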
diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml index 6626d9e394c..77d6acdc019 100644 --- a/.github/workflows/default.yaml +++ b/.github/workflows/default.yaml @@ -146,7 +146,7 @@ jobs: uses: github/codeql-action/init@v2 - name: Build Squid - run: ./test-builds.sh check ./test-suite/buildtests/layer-02-maximus.opts + run: ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2
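Review bot: This is the second change to the `Build Squid` command in consecutive commits (`check` added in the previous one, removed here) with no explanation in the workflow or the commit message, so a maintainer cannot tell whether omitting `check` is deliberate. Presumably CodeQL only needs the compile traced and running the test suite adds time without adding coverage; if so, a comment above `run:` such as `# CodeQL only needs the compilation traced; the test suite is not run here` records the decision.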