name: "CodeQL"

on:
  workflow_call:

permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      # required for all workflows
      security-events: write

    steps:
    - name: Checkout repository
      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        languages: c-cpp

    - name: configure
      run:
        cmake -B build .
          -DKokkos_ENABLE_OPENMP=ON
          -DCMAKE_CXX_STANDARD=20
          -DCMAKE_CXX_FLAGS=-Werror
          -DKokkos_ENABLE_COMPILER_WARNINGS=ON
          -DKokkos_ENABLE_DEPRECATED_CODE_4=OFF
          -DKokkos_ENABLE_TESTS=ON
          -DKokkos_ENABLE_EXAMPLES=ON
          -DKokkos_ENABLE_BENCHMARKS=ON
          -DCMAKE_BUILD_TYPE=Debug
    - name: build
      run:
        cmake --build build --parallel 2

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        category: "/language:c-cpp"