Merge https://salsa.debian.org/debian/libgit2 into proxmox/bullseye

[libgit2.git] / .github / workflows / nightly.yml

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 5513d5b435f1bcdb513bf05008b3b7d75a9e1995..856da28a3b91013a795f758cda1d01a8aeac5fd3 100644 (file)
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -7,7 +7,7 @@ on:
   - cron: '15 1 * * *'
 
 env:
-  docker-registry: docker.pkg.github.com
+  docker-registry: ghcr.io
   docker-config-path: source/ci/docker
 
 jobs:
@@ -15,6 +15,10 @@ jobs:
   # targets and their details.  Then we build either in a docker container
   # (Linux) or on the actual hosts (macOS, Windows).
   build:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
     strategy:
       matrix:
         platform:
@@ -247,6 +251,7 @@ jobs:
             CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DUSE_SSH=ON
             RUN_INVASIVE_TESTS: true
             SKIP_PROXY_TESTS: true
+            GITTEST_FLAKY_STAT: true
           os: ubuntu-latest
         - name: "Linux (arm64, Bionic, GCC, OpenSSL)"
           container:
@@ -271,7 +276,7 @@ jobs:
         path: source
         fetch-depth: 0
     - name: Set up build environment
-      run: source/ci/setup-${{ matrix.platform.setup-script }}.sh
+      run: source/ci/setup-${{ matrix.platform.setup-script }}-build.sh
       shell: bash
       if: matrix.platform.setup-script != ''
     - name: Setup QEMU
@@ -305,6 +310,7 @@ jobs:
               -e CMAKE_GENERATOR \
               -e CMAKE_OPTIONS \
               -e GITTEST_NEGOTIATE_PASSWORD \
+              -e GITTEST_FLAKY_STAT \
               -e PKG_CONFIG_PATH \
               -e SKIP_NEGOTIATE_TESTS \
               -e SKIP_SSH_TESTS \
@@ -319,6 +325,10 @@ jobs:
       shell: bash
 
   coverity:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
     name: Coverity
     runs-on: ubuntu-latest
     steps:
@@ -338,3 +348,32 @@ jobs:
       run: source/ci/coverity.sh
       env:
         COVERITY_TOKEN: ${{ secrets.coverity_token }}
+
+  codeql:
+    # Only run scheduled workflows on the main repository; prevents people
+    # from using build minutes on their forks.
+    if: github.repository == 'libgit2/libgit2'
+
+    name: CodeQL
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: 'cpp'
+
+    - name: Build
+      run: |
+        mkdir build
+        cd build
+        cmake .. -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON
+        cmake --build .
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1