From: Michael Kubacki <michael.kuba...@microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4115
This patch series enables initial CodeQL support within the edk2 repository. After this patch, a CodeQL Analyze step will run on a subset of edk2 packages in Pull Requests.

The plan to scale additional CodeQL queries is documented in the RFC and it is recommended to read that for more detail:
https://github.com/tianocore/edk2/discussions/3258#discussioncomment-3682099

In summary, this change will:

- Main workflow file - .github/workflows/codeql-analysis.yml
  1. Add a code scanning workflow with the CodeQL Analysis GitHub action
  2. Build packages on Windows + VS2019
  3. Perform CodeQL analysis on the build results

- Custom configuration file - .github/codeql/codeql-config.yml
  1. Specify the edk2 CodeQL query set
  2. Apply a query filter to exclude errors, warnings, and recommendations

- edk2 query set file - .github/codeql/edk2.qls
  1. Enable a single query: cpp/conditionallyuninitializedvariable

Per the RFC, this enables CodeQL but does not allow any alerts by suppressing all of the severity levels. When the code changes necessary to resolve problems found with cpp/conditionallyuninitializedvariable are checked in, the severity filter can be adjusted such that the query is enabled.

V2 Changes:

1. Switch from Ubuntu + GCC5

   As noted in the v1 series, there is an occasional issue with filesystem paths on Ubuntu + GCC at the moment that prevents this change from being checked in. A bug has been filed against CodeQL and the CodeQL team has confirmed this is a bug. They were not aware of the bug until this report.
   https://github.com/github/codeql-action/issues/1338

   In the meantime, this v2 patch series places the workflow on Windows with VS2019 which has been reliable across testing.
Cc: Andrew Fish <af...@apple.com>
Cc: Leif Lindholm <quic_llind...@quicinc.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Cc: Sean Brogan <sean.bro...@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>

Michael Kubacki (2):
  Maintainers.txt: Add .github maintainers and reviewers
  .github: Add initial CodeQL config and workflow files

 .github/codeql/codeql-config.yml      | 30 ++++++
 .github/codeql/edk2.qls               | 12 +++
 .github/workflows/codeql-analysis.yml | 99 ++++++++++++++++++++
 Maintainers.txt                       |  6 ++
 4 files changed, 147 insertions(+)
 create mode 100644 .github/codeql/codeql-config.yml
 create mode 100644 .github/codeql/edk2.qls
 create mode 100644 .github/workflows/codeql-analysis.yml

-- 
2.28.0.windows.1

View/Reply Online (#95906): https://edk2.groups.io/g/devel/message/95906
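The three files the cover letter summarizes are not reproduced in this message, so the following is an added illustration (not the patch series' own files) of how a query suite, a CodeQL config and a workflow fit together to run a single query with all severities suppressed. Only the file names and the query id cpp/conditionallyuninitializedvariable come from the cover letter; the action versions, the runner label, the branch name, the key disable-default-queries and the build step are assumptions, and the build step is a placeholder rather than the real edk2 build command.

```yaml
# --- .github/codeql/edk2.qls (assumed layout; only the query id is from the cover letter) ---
# Query suite: start from the standard C/C++ query pack and keep exactly one query.
- queries: .
  from: codeql/cpp-queries
- include:
    id: cpp/conditionallyuninitializedvariable

# --- .github/codeql/codeql-config.yml (assumed layout) ---
name: edk2 CodeQL config
# Assumed: skip the default query pack so only the edk2 suite runs.
disable-default-queries: true
queries:
  - name: edk2 query set
    uses: ./.github/codeql/edk2.qls
# Suppress every severity level so the Analyze step runs on each PR but can
# never raise an alert yet. Once the findings for the single enabled query are
# fixed in tree, remove the severity that query reports at from this list and
# its results will start appearing in code scanning.
query-filters:
  - exclude:
      problem.severity:
        - error
        - warning
        - recommendation

# --- .github/workflows/codeql-analysis.yml (assumed layout) ---
name: CodeQL
on:
  pull_request:
    branches: [ master ]   # assumed branch name
permissions:
  contents: read
  security-events: write   # required to upload SARIF results to code scanning
jobs:
  analyze:
    runs-on: windows-2019   # Windows + VS2019, as chosen in the v2 series
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: cpp
          config-file: ./.github/codeql/codeql-config.yml
      - name: Build packages
        # Placeholder only: the real edk2 build of the package subset goes here,
        # between init (which starts tracing) and analyze.
        run: echo "edk2 build command goes here"
      - uses: github/codeql-action/analyze@v2
```

The build must sit between the init and analyze steps because CodeQL for C/C++ extracts its database by tracing the compiler invocations; a workflow that builds before init produces an empty database and an analysis that silently finds nothing. The query filter is what turns this into a no-op for reviewers: the query still executes on every PR, which is what surfaces the path bug mentioned above, but no alert can block a merge until the filter is relaxed.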