GHA/codeql: improve perf on Windows, enable CURL_WERROR=ON, and more

- set `CURL_DROP_UNUSED=ON` for Windows (MSVC) to make the analysis step
  faster: 1m30s -> 1m15s

- enable `CURL_WERROR=ON` in all builds, to catch potential build issues
  in addition to running CodeQL. To make these builds useful as regular
  build tests too.

- add links to CodeQL Actions documentation.

- delete test data C files after checkout in an attempt to remove them
  from CodeQL code coverage stats.

Closes #20418
This commit is contained in:
Viktor Szakats 2026-01-24 02:39:48 +01:00
parent 3150ac7000
commit 64728418ff
No known key found for this signature in database
GPG key ID: B5ABD165E2AEF201

View file

@ -81,7 +81,12 @@ jobs:
with:
persist-credentials: false
- name: 'delete test input C files'
shell: bash
run: find tests/data -name '*.c' -delete
- name: 'initialize'
# https://github.com/github/codeql-action/blob/main/init/action.yml
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
languages: cpp
@ -93,7 +98,7 @@ jobs:
shell: bash
run: |
if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then
cmake -B . -DBUILD_SHARED_LIBS=OFF \
cmake -B . -DBUILD_SHARED_LIBS=OFF -DCURL_DROP_UNUSED=ON -DCURL_WERROR=ON \
-DCMAKE_VS_GLOBALS=TrackFileAccess=false \
-DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF -DUSE_WIN32_IDN=ON
cmake --build . --verbose
@ -103,7 +108,7 @@ jobs:
# MultiSSL
export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
cmake -B _bld1 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DENABLE_DEBUG=ON \
cmake -B _bld1 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DCURL_WERROR=ON -DENABLE_DEBUG=ON \
-DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \
-DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON \
-DCURL_DISABLE_VERBOSE_STRINGS=ON
@ -113,7 +118,7 @@ jobs:
# HTTP/3
export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
cmake -B _bld2 -G Ninja -DCURL_DISABLE_TYPECHECK=ON \
cmake -B _bld2 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DCURL_WERROR=ON \
-DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \
-DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \
-DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
@ -126,4 +131,5 @@ jobs:
fi
- name: 'perform analysis'
# https://github.com/github/codeql-action/blob/main/analyze/action.yml
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9