Add CodeQL Workflow for Code Security Analysis
This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats.
We added a new CodeQL workflow file (.github/workflows/codeql.yml) that:
- Runs on every pull request (functionality to run on every push to main branches is included as a comment for convenience).
- Runs daily.
- Excludes queries with a high false positive rate or low-severity findings.
- Does not display results for git submodules, focusing only on our own codebase.
Testing:
To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code.
Deployment:
Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps:
1. Under the repository name, click on the Security tab.
2. In the left sidebar, click Code scanning alerts.
Additional Information:
- You can further customize the workflow to adapt to your specific needs by modifying the workflow file.
- For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation (https://codeql.github.com/ and https://codeql.github.com/docs/).
Signed-off-by: Brian <bayuan@purdue.edu>
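
An illustration of the submodule filtering described in the commit message above, added here and not taken from the pull request or the project's workflow file: it reads submodule paths from a .gitmodules file and drops SARIF results located under them. The sample .gitmodules, rule ids and file names are constructed, and it assumes result URIs are relative to the repository root.

```python
import re
from pathlib import PurePosixPath

PATH_LINE = re.compile(r"^[ \t]*path[ \t]*=[ \t]*(.+?)[ \t]*$", re.MULTILINE)

def submodule_paths(gitmodules_text):
    """Return the checkout paths declared in a .gitmodules file."""
    return [PurePosixPath(p) for p in PATH_LINE.findall(gitmodules_text)]

def in_submodule(uri, submodules):
    """True if uri is a submodule root or lies below one (component-wise match)."""
    path = PurePosixPath(uri)
    return any(sub == path or sub in path.parents for sub in submodules)

def result_uris(result):
    """Yield the artifact URIs of every location attached to a SARIF result."""
    for loc in result.get("locations", []):
        uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
        if uri:
            yield uri

def filter_sarif(sarif, submodules):
    """Return a copy of the SARIF log without results located in submodules.

    Results that carry no location are kept, so nothing is hidden by accident.
    """
    runs = []
    for run in sarif.get("runs", []):
        kept = [r for r in run.get("results", [])
                if not any(in_submodule(u, submodules) for u in result_uris(r))]
        runs.append({**run, "results": kept})
    return {**sarif, "runs": runs}

def _result(rule, uri):
    # Helper for building the constructed sample below.
    return {"ruleId": rule,
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}]}

# Constructed sample inputs (hypothetical submodule, rules and files).
SAMPLE_GITMODULES = '[submodule "deps/vendorlib"]\n\tpath = deps/vendorlib\n\turl = https://example.invalid/vendorlib.git\n'
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{"results": [
    _result("example/rule-a", "src/window.c"),
    _result("example/rule-b", "deps/vendorlib/foo.c"),    # inside the submodule
    _result("example/rule-c", "deps/vendorlib2/bar.c"),   # similar prefix, not a submodule
]}]}

if __name__ == "__main__":
    filtered = filter_sarif(SAMPLE_SARIF, submodule_paths(SAMPLE_GITMODULES))
    for r in filtered["runs"][0]["results"]:
        print(r["ruleId"], list(result_uris(r)))
```
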
Fixes the following CI warning:
"Node.js 12 actions are deprecated. Please update the following
actions to use Node.js 16: actions/checkout@v2..."
Closes #2255
This adds compile-time support for multiple platforms and runtime
detection of them. Window system related platform functions are now
called from shared code via the function pointer struct _GLFWplatform.
The timer, thread and module loading platform functions are still called
directly by name and the implementation chosen at link-time. These
functions are the same for any backend on a given OS, including the Null
backend.
The platforms are now enabled via CMake dependent options following the
GLFW_BUILD_<platform> pattern instead of a mix of automagic and ad-hoc
option names. There is no longer any option for the Null backend as it
is now always enabled.
Much of the struct stitching work in platform.h was based on an earlier
experimental branch for runtime platform selection by @ronchaine.
Every platform function related to windows, contexts, monitors, input,
event processing and Vulkan has been renamed so that multiple sets of
them can exist without colliding. Calls to these are now routed through
the _glfw.platform struct member. These changes make up most of this
commit.
For Wayland and X11 the client library loading and display creation is
used to detect a running compositor/server. The XDG_SESSION_TYPE
environment variable is ignored for now, as X11 is still by far the more
complete implementation.
Closes #1655
Closes #1958
With 3.4, the tip of the 'latest' branch will be a merge commit for
3.3-stable and the main branch, and not simply a fast-forward to an
already tested commit.
This sets up a tiny additional safety net before that merge.
GitHub runners unfortunately do not come with MinGW or VS 2010
pre-installed, so moving those builds will be more involved. MinGW-w64
is not a good replacement for MinGW as it is far more complete.
This gives at least some feedback for all supported platforms via the
GitHub Actions system.
The old Travis CI .org service has been throttled for a while now and is
said to be shutting down completely next week.
This migrates the Travis CI build jobs to GitHub Actions, with minor
changes.
- The trailing whitespace detection has been removed for now.
- The libegl1-mesa-dev dependency for Wayland has been removed as it
appears to no longer be necessary for building.