fix: update llhttp wget URLs to use release branch instead of release… #448
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CodeQL | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| # Run weekly on Mondays at 06:00 UTC to catch new CVE patterns | |
| - cron: '0 6 * * 1' | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| jobs: | |
| analyze: | |
| name: CodeQL Analysis | |
| runs-on: ubuntu-latest | |
| container: debian:sid-slim | |
| timeout-minutes: 45 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: ['c-cpp'] | |
| steps: | |
| - name: Install build dependencies | |
| run: | | |
| apt-get update | |
| apt-get install -y \ | |
| git build-essential cmake pkg-config \ | |
| libavcodec-dev libavformat-dev libavutil-dev libswscale-dev \ | |
| libsqlite3-dev libuv1-dev libllhttp-dev libcurl4-openssl-dev \ | |
| libcjson-dev libmbedtls-dev libmosquitto-dev | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| submodules: false | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # Use extended queries for more thorough security analysis | |
| queries: security-extended | |
| - name: Build for CodeQL | |
| run: | | |
| mkdir -p build && cd build | |
| cmake .. \ | |
| -DCMAKE_BUILD_TYPE=Release \ | |
| -DENABLE_SOD=OFF \ | |
| -DENABLE_GO2RTC=OFF \ | |
| -DBUILD_TESTS=OFF | |
| make -j$(nproc) | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 | |
| with: | |
| category: "/language:${{ matrix.language }}" | |