name: CodeQL

on:
  push:
    branches: ["master"]
    tags: ["4.*"]
  pull_request:
    branches: ["master"]
  schedule:
    - cron: "6 13 * * 4"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  BUILD_TYPE: Release

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v5

      - name: Install dependencies
        uses: ./.github/workflows/actions/ubuntu-build-deps
        with:
          SUDO: true

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp

      - name: Configure
        run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
      - name: Build
        run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3