Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Enable CodeQL checking #249

Merged
merged 9 commits into from
Jan 2, 2025
Merged

ci: Enable CodeQL checking #249

merged 9 commits into from
Jan 2, 2025

Conversation

robbat2
Copy link
Member

@robbat2 robbat2 commented Dec 31, 2024

CodeQL scanning for security issues

@stappersg
Copy link
Member

From the logging:

Run apt-get -qy update || exit 1
Reading package lists...
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)
Error: Process completed with exit code 1.

@robbat2
Copy link
Member Author

robbat2 commented Jan 1, 2025

Yep; i'm aware of that, but if you look at the previous run, apt-get worked fine - but since it didn't install the libbsd dependency, the build fails:
https://github.com/radvd-project/radvd/actions/runs/12562380644/job/35022723228#step:5:313

@robbat2
ci: setup codeql build-mode=manual
50b9381 
Signed-off-by: Robin H. Johnson <[email protected]>
@robbat2
Copy link
Member Author

robbat2 commented Jan 1, 2025

Saving link for the previous failure: https://github.com/radvd-project/radvd/actions/runs/12563866946/job/35026288174

@stappersg
Copy link
Member

image

stappersg
stappersg approved these changes Jan 1, 2025
View reviewed changes
Copy link
Member

@stappersg stappersg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make it happen

@robbat2
build: update configure.ac using autoupdate-2.69 from ubuntu20.04
10ce922 
This should solve the build failures seen in CodeQL CI testing about
outdated autoconf issues.

Signed-off-by: Robin H. Johnson <[email protected]>
@robbat2
Copy link
Member Author

robbat2 commented Jan 2, 2025

https://github.com/radvd-project/radvd/actions/runs/12574859445/job/35049282774?pr=249#step:4:379
gram.c got compiled twice, we have some lurking issues, plus old-autoconf that needs update

robbat2 added 4 commits January 1, 2025 16:47
@robbat2
ci: workaround makefile dep ordering issue
a8c0f4c 
`make -j all check_all` has a race condition that runs lex/yacc twice,
and sometimes causes the build to fail.

Signed-off-by: Robin H. Johnson <[email protected]>
@robbat2
ci: more autoconf for codeql
8f02252 
Signed-off-by: Robin H. Johnson <[email protected]>
@robbat2
ci: always parallel build
868ffc6 
For CI purposes, parallel build provides a significant speedup and helps
check for dependency ordering bugs.

Signed-off-by: Robin H. Johnson <[email protected]>
@robbat2
ci: bleeding edge autoupdate causes large codeql failure
c045e24 
```
checking architecture... linux
./configure: line 3328: Some: command not found
./configure: line 3912: syntax error near unexpected token `('
./configure: line 3912: `case "(($ac_try" in'
```

Signed-off-by: Robin H. Johnson <[email protected]>
Reference: https://github.com/radvd-project/radvd/actions/runs/12575957486/job/35051542663#step:4:468
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

robbat2 added 2 commits January 1, 2025 17:12
@robbat2
ci: stricter build triggers
a89b32d 
Signed-off-by: Robin H. Johnson <[email protected]>
Closes: #239
@robbat2
ci: bsd make != linux make
3266317 
Signed-off-by: Robin H. Johnson <[email protected]>
@robbat2
Copy link
Member Author

robbat2 commented Jan 2, 2025

Skipped buildroot on final pass because it will be trimmed soon.

@robbat2 robbat2 merged commit f60e47c into master Jan 2, 2025
17 of 44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stappersg stappersg stappersg approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@robbat2 @stappersg