feat(images): integrate custom C binary for image processing #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GitHub Action for CodeQL Analysis | |
| # Scans C/C++, C#, Go, Java, JavaScript, Python, Ruby, TypeScript, Swift, and Kotlin. | |
| # This configuration is tailored for C++ (compiled to Wasm) and JavaScript. | |
| name: CodeQL Security Analysis | |
| on: | |
| push: | |
| branches: ["master", "develop"] | |
| pull_request: | |
| branches: ["master", "develop"] | |
| schedule: | |
| # Run a full scan weekly at 04:00 UTC on Sunday | |
| - cron: '0 4 * * 0' | |
| jobs: | |
| analyze: | |
| name: Analyze Codebase | |
| # Run on the latest version of Ubuntu | |
| runs-on: ubuntu-latest | |
| # Permissions are required for CodeQL to report security events | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| # A strategy matrix is used to run the job for each specified language. | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Define the languages to scan. PHP was removed as it's not supported by CodeQL. | |
| language: ['cpp', 'javascript'] | |
| steps: | |
| # Step 1: Check out the repository's code so the workflow can access it. | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # Step 2: Initialize the CodeQL tools for the specified language. | |
| # This step configures the CodeQL tracer to monitor the build process. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # You can uncomment the following line to run a more comprehensive suite of queries. | |
| # queries: +security-and-quality | |
| # Step 3: Build the C++ code. This step only runs for the 'cpp' matrix entry. | |
| # It uses a dedicated action to install the Emscripten SDK first. | |
| - name: Build C++ with Emscripten | |
| if: matrix.language == 'cpp' | |
| uses: emscripten-core/setup-emscripten@v4 | |
| with: | |
| # Specify the version of Emscripten to use. 'latest' is usually fine. | |
| emscripten-version: 'latest' | |
| # After setting up Emscripten, run the build commands. | |
| # The CodeQL tracer, initialized in the previous step, will monitor this process. | |
| run: | | |
| npm install | |
| npm run build:wasm | |
| # Step 4: Run the CodeQL analysis. | |
| # This step takes the database created during the build and runs queries against it. | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/language:${{matrix.language}}" | |