deskflow/.github/workflows/codeql-analysis.yml

name: "CodeQL Analysis"

on:
  workflow_dispatch:
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
      - ready_for_review
  push:
    branches: [master]

jobs:
  analyze:
    if: ${{ !github.event.pull_request.draft }}

    name: Analyze
    runs-on: ${{ vars.CODEQL_RUNNER || 'ubuntu-24.04' }}
    container: symless/synergy-core:ubuntu-24.04-amd64
    timeout-minutes: 20

    strategy:
      fail-fast: false
      matrix:
        language: ["cpp"]

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Config Git safe dir
        run: git config --global --add safe.directory $GITHUB_WORKSPACE

      # Should only restore the .venv directory from cache.
      - name: Init Python venv
        uses: ./.github/actions/init-python
        with:
          cache-key: "codeql"
          setup: false

      - name: Install dependencies
        run: ./scripts/install_deps.py
        env:
          # Prevent apt prompting for input.
          DEBIAN_FRONTEND: noninteractive

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3