# @file | |
# GitHub Workflow for CodeQL Analysis | |
# | |
# Copyright (c) Microsoft Corporation. | |
# | |
# SPDX-License-Identifier: BSD-2-Clause-Patent | |
## | |
name: "CodeQL" | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
paths-ignore: | |
- '**/*.bat' | |
- '**/*.md' | |
- '**/*.py' | |
- '**/*.rst' | |
- '**/*.sh' | |
- '**/*.txt' | |
schedule: | |
# https://crontab.guru/#20_23_*_*_4 | |
- cron: '20 23 * * 4' | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: windows-2019 | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- Package: "ArmPkg" | |
ArchList: "IA32,X64" | |
- Package: "CryptoPkg" | |
ArchList: "IA32" | |
- Package: "CryptoPkg" | |
ArchList: "X64" | |
- Package: "DynamicTablesPkg" | |
ArchList: "IA32,X64" | |
- Package: "FatPkg" | |
ArchList: "IA32,X64" | |
- Package: "FmpDevicePkg" | |
ArchList: "IA32,X64" | |
- Package: "IntelFsp2Pkg" | |
ArchList: "IA32,X64" | |
- Package: "IntelFsp2WrapperPkg" | |
ArchList: "IA32,X64" | |
- Package: "MdeModulePkg" | |
ArchList: "IA32" | |
- Package: "MdeModulePkg" | |
ArchList: "X64" | |
- Package: "MdePkg" | |
ArchList: "IA32,X64" | |
- Package: "PcAtChipsetPkg" | |
ArchList: "IA32,X64" | |
- Package: "PrmPkg" | |
ArchList: "IA32,X64" | |
- Package: "SecurityPkg" | |
ArchList: "IA32,X64" | |
- Package: "ShellPkg" | |
ArchList: "IA32,X64" | |
- Package: "SourceLevelDebugPkg" | |
ArchList: "IA32,X64" | |
- Package: "StandaloneMmPkg" | |
ArchList: "IA32,X64" | |
- Package: "UefiCpuPkg" | |
ArchList: "IA32,X64" | |
- Package: "UnitTestFrameworkPkg" | |
ArchList: "IA32,X64" | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Install Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.11' | |
cache: 'pip' | |
cache-dependency-path: 'pip-requirements.txt' | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: 'cpp' | |
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | |
# Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/ | |
config-file: ./.github/codeql/codeql-config.yml | |
# Note: Add new queries to codeql-config.yml file as they are enabled. | |
- name: Install/Upgrade pip Modules | |
run: pip install -r pip-requirements.txt --upgrade | |
- name: Setup | |
run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019 | |
- name: Update | |
run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019 | |
- name: Build Tools From Source | |
run: python BaseTools/Edk2ToolsBuild.py -t VS2019 | |
- name: CI Build | |
run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.Package }} -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 |