3636 strategy :
3737 fail-fast : false
3838 matrix :
39- # c-cpp excluded: requires XZ sources download + node-gyp build, adds significant complexity.
40- # The native binding (src/bindings/*.cpp, ~1200 LOC) is reviewed manually on PR.
4139 language :
4240 - actions
41+ - c-cpp
4342 - javascript-typescript
4443 - python
4544
@@ -48,16 +47,28 @@ jobs:
4847 uses : actions/checkout@v6
4948
5049 - name : Setup pnpm
51- if : matrix.language == 'javascript-typescript'
50+ if : matrix.language == 'javascript-typescript' || matrix.language == 'c-cpp'
5251 uses : pnpm/action-setup@v6
5352
5453 - name : Setup Node.js
55- if : matrix.language == 'javascript-typescript'
54+ if : matrix.language == 'javascript-typescript' || matrix.language == 'c-cpp'
5655 uses : actions/setup-node@v6
5756 with :
5857 node-version : 22
5958 cache : pnpm
6059
60+ - name : Setup Python (for XZ download)
61+ if : matrix.language == 'c-cpp'
62+ uses : actions/setup-python@v6
63+ with :
64+ python-version : ' 3.x'
65+
66+ - name : Download XZ sources
67+ if : matrix.language == 'c-cpp'
68+ run : python scripts/download_xz_from_github.py deps/xz.tar.gz deps/
69+ env :
70+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
71+
6172 - name : Install dependencies (skip scripts)
6273 if : matrix.language == 'javascript-typescript'
6374 run : pnpm install --frozen-lockfile --ignore-scripts
6778 with :
6879 languages : ${{ matrix.language }}
6980
81+ - name : Build native binding (c-cpp)
82+ # CodeQL wraps the compiler: install must happen between init and analyze.
83+ # `pnpm install` triggers postinstall → node-gyp-build → node-gyp rebuild (compiles from source).
84+ if : matrix.language == 'c-cpp'
85+ run : pnpm install --frozen-lockfile
86+ env :
87+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
88+
7089 - name : Perform CodeQL Analysis
7190 uses : github/codeql-action/analyze@v4
7291 with :
0 commit comments