[重构构建流程并新增CodeQL代码分析]: 优化CI/CD配置，增强代码质量检查

RealChuan · RealChuan · commit add834fa3fde · 2025-04-21T13:41:44.000+08:00
- 新增可复用的GitHub Action依赖安装组件(.github/actions/install-dependencies)
  - 统一管理vcpkg安装与缓存逻辑
  - 支持多平台(Win/macOS/Linux)差异化依赖安装
  - 集成ninja/clang等构建工具配置
- 重构现有构建工作流(build.yml)
  - 使用新的依赖安装action替代重复步骤
  - 简化构建配置文件结构
- 新增CodeQL代码质量分析工作流(codeql.yml)
  - 自动执行C++代码静态分析
  - 配置定期扫描和PR触发机制
  - 复用统一的依赖安装流程
- 更新vcpkg基线版本至最新提交(d5cb5b9)
  - 确保依赖包使用最新稳定版本
  - 保持vcpkg生态同步更新
diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml
@@ -0,0 +1,55 @@
+name: 'Install Dependencies'
+description: 'Install dependencies for the environment'
+
+runs:
+  using: 'composite'
+
+  steps:
+    - name: Install Custom VCPKG
+      uses: RealChuan/install-vcpkg@main
+      with:
+        repo: 'https://github.com/RealChuan/vcpkg.git'
+        branch: 'dev'
+        
+    - name: Update vcpkg manifest baseline
+      shell: bash
+      run: |
+        vcpkg x-update-baseline
+
+    - name: Cache vcpkg
+      uses: actions/cache@v4
+      with: 
+        path: ${{ github.workspace }}/build/vcpkg_installed
+        key: ${{ matrix.os }}-vcpkg-installed-${{ runner.os }}-${{ github.sha }}
+        restore-keys: |
+          ${{ matrix.os }}-vcpkg-installed-${{ runner.os }}-
+          ${{ matrix.os }}-vcpkg-installed-
+          ${{ matrix.os }}-
+
+    - name: Install dependencies on windows
+      if: runner.os == 'Windows'
+      shell: bash
+      run: |
+        choco install ninja
+        ninja --version
+        cmake --version
+
+    - name: Install dependencies on macos
+      if: runner.os == 'macOS'
+      shell: bash
+      run: |
+        brew install nasm python-setuptools
+        ninja --version
+        cmake --version
+        clang --version
+
+    - name: Install dependencies on linux
+      if: runner.os == 'Linux'
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install ninja-build clang
+        ninja --version
+        cmake --version
+        gcc --version
+        
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -34,53 +34,11 @@ jobs:
           - "Ninja"
   
     steps:      
-      - name: Install dependencies on windows
-        if: startsWith(matrix.os, 'windows')
-        run: |
-          choco install ninja
-          ninja --version
-          cmake --version
-      - name: Install dependencies on macos
-        if: startsWith(matrix.os, 'macos')
-        shell: bash
-        run: |
-          brew install ninja python-setuptools
-          ninja --version
-          cmake --version
-          clang --version
-      - name: Install dependencies on ubuntu
-        if: startsWith(matrix.os, 'ubuntu')
-        run: |
-          sudo apt-get update
-          sudo apt-get install ninja-build clang
-          ninja --version
-          cmake --version
-          gcc --version
-
       - uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
-      - name: Install custom vcpkg
-        uses: RealChuan/install-vcpkg@main
-        with:
-          repo: 'https://github.com/RealChuan/vcpkg.git'
-          branch: 'dev'
-
-      - name: Update vcpkg manifest baseline
-        shell: bash
-        run: |
-          vcpkg x-update-baseline
-
-      - name: Cache vcpkg
-        uses: actions/cache@v4
-        with: 
-          path: ${{ github.workspace }}/build/vcpkg_installed
-          key: ${{ matrix.os }}-vcpkg-installed-${{ runner.os }}-${{ github.sha }}
-          restore-keys: |
-            ${{ matrix.os }}-vcpkg-installed-${{ runner.os }}-
-            ${{ matrix.os }}-vcpkg-installed-
-            ${{ matrix.os }}-
+      - uses: ./.github/actions/install-dependencies
 
       - name: Configure and build windows
         if: startsWith(matrix.os, 'windows')
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,44 @@
+name: CodeQL
+
+on: 
+  push:
+    paths-ignore: 
+        - '.clang*'
+        - '.gitignore'
+        - 'LICENSE'
+        - 'README*'
+  pull_request:
+    paths-ignore: 
+        - '.clang*'
+        - '.gitignore'
+        - 'LICENSE'
+        - 'README*'
+        
+  schedule:
+    - cron: '0 0 1 * *'
+  workflow_dispatch:
+  
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+  
+    steps:      
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: ./.github/actions/install-dependencies
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+            languages: cpp
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        
diff --git a/vcpkg.json b/vcpkg.json
@@ -27,5 +27,5 @@
       ]
     }
   ],
-  "builtin-baseline": "3de032f834a9b28a455e35600b03e9d365ce3b85"
+  "builtin-baseline": "d5cb5b9392b89fe9ad25786022415999202277d6"
 }

Original file line number	Diff line number	Diff line change
`@@ -27,5 +27,5 @@`
`27`	`27`	`]`
`28`	`28`	`}`
`29`	`29`	`],`
`30`		`- "builtin-baseline": "3de032f834a9b28a455e35600b03e9d365ce3b85"`
	`30`	`+ "builtin-baseline": "d5cb5b9392b89fe9ad25786022415999202277d6"`
`31`	`31`	`}`