From abbdbe81bce66f48f97f227f566f493ea3725479 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= <pwntester@github.com>
Date: Fri, 2 Dec 2022 13:23:34 +0100
Subject: [PATCH] Add CodeQL workflow

---
 .github/workflows/codeql.yml | 89 ++++++++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..b90d30e27
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,89 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ 'dev' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'dev' ]
+  schedule:
+    - cron: '56 5 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        build_type: [release]
+        language: [ 'cpp', 'python' ]
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Install dependencies
+        run: |
+          echo "Running apt update."
+          sudo apt update
+          echo "Installing dependencies with apt."
+          DEBIAN_FRONTEND=noninteractive sudo apt install -y cmake libgtk-3-dev libgtkmm-3.0-dev liblensfun-dev librsvg2-dev liblcms2-dev libfftw3-dev libiptcdata0-dev libtiff5-dev libcanberra-gtk3-dev liblensfun-bin
+
+      - name: Configure build
+        run: |
+          export REF_NAME_FILTERED="$(echo '${{github.ref_name}}' | sed 's/[^A-z0-9_.-]//g')"
+          echo "Setting cache suffix."
+          if [ '${{github.ref_type}}' == 'tag' ]; then
+            export CACHE_SUFFIX=""
+          else
+            export CACHE_SUFFIX="5-$REF_NAME_FILTERED"
+          fi
+          export CACHE_SUFFIX="$CACHE_SUFFIX-AppImage"
+          echo "Cache suffix is '$CACHE_SUFFIX'."
+          echo "Making build directory."
+          mkdir build
+          echo "Changing working directory to the build directory."
+          cd build
+          echo "Running CMake configure."
+          cmake \
+            -DCMAKE_BUILD_TYPE='${{matrix.build_type}}'  \
+            -DCACHE_NAME_SUFFIX="$CACHE_SUFFIX" \
+            -DPROC_TARGET_NUMBER="1" \
+            -DBUILD_BUNDLE="ON" \
+            -DBUNDLE_BASE_INSTALL_DIR="/" \
+            -DOPTION_OMP="ON" \
+            -DWITH_LTO="OFF" \
+            -DWITH_PROF="OFF" \
+            -DWITH_SAN="OFF" \
+            -DWITH_SYSTEM_KLT="OFF" \
+            -DCMAKE_INSTALL_PREFIX=/usr \
+            -DLENSFUNDBDIR="../share/lensfun/version_1" \
+            ..
+          echo "Recording filtered ref name."
+          echo "REF_NAME_FILTERED=$REF_NAME_FILTERED" >> $GITHUB_ENV
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Build RawTherapee
+        working-directory: ./build
+        run: |
+          echo "Running make install."
+          make -j$(nproc) install DESTDIR=AppDir/usr/bin
+          echo "Moving usr/bin/share to usr/share."
+          mv AppDir/usr/bin/share AppDir/usr/
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"