Update build.yml for CodeQL permissions (#17) #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test get_started example | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: '30 22 * * 0' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| actions: read | |
| security-events: write | |
| env: | |
| ARM_UBL_ACTIVATION_CODE: ${{ secrets.ARM_UBL_ACTIVATION_CODE }} | |
| jobs: | |
| build-and-run: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| compiler: [AC6, GCC, CLANG] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Python 3.10 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' | |
| - name: Install system packages | |
| run: | | |
| sudo add-apt-repository ppa:deadsnakes/ppa | |
| sudo apt-get install libpython3.9 libtinfo5 | |
| - name: Cache packs | |
| uses: actions/cache@v4 | |
| with: | |
| key: packs-${{ github.run_id }}-${{ matrix.compiler }} | |
| restore-keys: | | |
| packs- | |
| path: /home/runner/.cache/arm/packs | |
| - name: Activate vcpkg | |
| uses: JonatanAntoni/actions/vcpkg@main | |
| with: | |
| cache: "-${{ matrix.compiler }}" | |
| - name: Activate Arm tool license | |
| run: | | |
| if [[ -n "${{ env.ARM_UBL_ACTIVATION_CODE }}" ]]; then | |
| armlm activate --code ${{ env.ARM_UBL_ACTIVATION_CODE }} | |
| else | |
| armlm activate --server https://mdk-preview.keil.arm.com --product KEMDK-COM0 | |
| fi | |
| - uses: ammaraskar/gcc-problem-matcher@master | |
| if: matrix.compiler == 'GCC' | |
| - name: Initialize CodeQL | |
| if: matrix.compiler == 'GCC' | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: cpp | |
| queries: security-and-quality | |
| - name: Build | |
| run: | | |
| echo "Building get started example ..." | |
| cbuild get_started.csolution.yml --packs --update-rte --context .debug+avh --toolchain ${{ matrix.compiler }} | |
| - name: Perform CodeQL Analysis | |
| if: ${{ !cancelled() && matrix.compiler == 'GCC' }} | |
| uses: github/codeql-action/analyze@v3 | |
| - name: Execute | |
| if: ${{ env.ARM_UBL_ACTIVATION_CODE }} | |
| run: | | |
| echo "Running get started example ..." | |
| ext="" | |
| case "${{ matrix.compiler }}" in | |
| AC6) ext="axf" ;; | |
| GCC) ext="elf";; | |
| CLANG) ext="elf" ;; | |
| esac | |
| FVP_MPS2_Cortex-M3 --simlimit 10 -f vht-config.txt -a out/hello/avh/debug/hello.${ext} | tee model.log | |
| echo "Checking output..." | |
| grep "Hello World" model.log | wc -l | |
| test "$(grep "Hello World" model.log | wc -l)" -eq 10 | |
| - name: Deactivate Arm tool license | |
| if: always() | |
| run: | | |
| if [[ -n "${{ env.ARM_UBL_ACTIVATION_CODE }}" ]]; then | |
| armlm deactivate --code ${{ env.ARM_UBL_ACTIVATION_CODE }} | |
| else | |
| armlm deactivate --product KEMDK-COM0 | |
| fi |