name: "MeshMC: CodeQL"

concurrency:
  group: meshmc-codeql-${{ github.ref }}
  cancel-in-progress: true

on:
  workflow_dispatch:
  workflow_call:

permissions: {}

jobs:
  CodeQL:
    runs-on: ubuntu-latest

    permissions:
      contents: read
      security-events: write

    defaults:
      run:
        working-directory: meshmc

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          submodules: "true"

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          config-file: ./.github/codeql/codeql-config.yml
          queries: security-and-quality
          languages: cpp, java

      - name: Setup dependencies
        uses: ./.github/actions/meshmc/setup-dependencies
        with:
          artifact-name: meshmc-codeql-deps
          build-type: Debug
          qt-version: 6.9.3

      - name: Configure and Build
        run: |
          cmake --preset linux -DLauncher_USE_PCH=OFF
          cmake --build --preset linux --config Debug

      - name: Run tests
        run: |
          ctest --preset linux --build-config Debug --extra-verbose --output-on-failure

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4