name: Analyse servers with CodeQL
# analysis_codeql.yml

concurrency:
  group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}

on:
  workflow_dispatch:
  push:
    branches:
      - master
  pull_request:
    paths:
      # Always trigger all Github Actions if an action or something CI related was changed
      - '.github/workflows/**'
      - 'tools/ci/**'
      # This workflow should run when a file in a source directory has been modified.
      - 'src/**'
      - '3rdparty/**'

jobs:
  analyze:
    # Github Actions checks for '[ci skip]', '[skip ci]', '[no ci]', '[skip actions]', or '[actions skip]' but not a hyphenated version.
    # It's a catch-all incase a Pull Request has been opened and someone is on auto-pilot.
    if: "!contains(github.event.head_commit.message, 'ci-skip')"
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
          # The ubuntu-latest label currently points to ubuntu-20.04.
          # Available: ubuntu-24.04, ubuntu-22.04
          os: [ubuntu-latest]
          # Older versions of GCC are not available via unaltered aptitude repo lists.
          gcc: ['10']
          # We run build checks for both Renewal and PRE-Renewal
          mode: ['PRE','RE']

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
           # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
           # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
           languages: cpp
           # Trigger security and quality findings
           # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # TODO: Resolve the issues and then enable it again
           #queries: +security-and-quality

      # A simple 'yes' and 'no' can be confusing, so we use names to display in the current job then convert them for use in the compiler.
      - name: Variable Parsing - PRE
        if: ${{ matrix.mode == 'PRE' }} 
        run: |
          echo "PRERE=yes" >> $GITHUB_ENV
      - name: Variable Parsing - RE
        if: ${{ matrix.mode == 'RE' }} 
        run: |
          echo "PRERE=no" >> $GITHUB_ENV

      - name: Update & Install packages
        # Ubuntu runners already have most of the packages rAthena requires to build.
        # https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md
        run: |
          sudo apt update
          sudo apt install zlib1g-dev libpcre3-dev gcc-${{ matrix.gcc }} g++-${{ matrix.gcc }}

      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      #- name: Autobuild
      #  uses: github/codeql-action/autobuild@v2

      # ?? If the Autobuild fails above, remove it and uncomment the following
      #    three lines and modify them (or add more) to build your code if your
      #    project uses a compiled language
      - name: Command - configure
        env:
            CONFIGURE_FLAGS: 'CC=gcc-${{ matrix.gcc }} CXX=g++-${{ matrix.gcc }} --enable-prere=${{ env.PRERE }} --enable-buildbot=yes'
        run: ./configure $CONFIGURE_FLAGS

      - name: Command - make clean
        run: make clean

      - name: Command - make server
        run: make server

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3