Update codeql-analysis.yml (#937)

* Update codeql-analysis.yml * Merge codeql and cicd Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Merge codeql and cicd Signed-off-by: Alan Jowett <alanjo@microsoft.com> * Update cicd.yml
2022-04-12 13:08:11 -06:00 · 2022-04-12 13:08:11 -06:00 · 2021126242
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@ -44,6 +44,13 @@ jobs:
      build_artifact: Build-x64-Sanitize
      build_options: /p:Sanitizer='True'

+  codeql:
+    if: github.event_name != 'pull_request'
+    uses: ./.github/workflows/reusable-build.yml
+    with:
+      build_artifact: Build-x64-CodeQl
+      build_codeql: true
+
  # Run the unit tests in GitHub.
  unit_tests:
    uses: ./.github/workflows/reusable-test.yml
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,48 +0,0 @@
-# Copyright (c) Microsoft Corporation
-# SPDX-License-Identifier: MIT
-
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  schedule:
-    - cron: '00 21 * * *'
-
-permissions:
-  contents: read
-
-jobs:
-  analyze:
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'cpp' ]
-
-    steps:
-    - uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415
-      with:
-        submodules: 'recursive'
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@1ed1437484560351c5be56cf73a48a279d116b78
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    - name: Build
-      uses: ./.github/workflows/reusable-build.yml
-      with:
-        build_artifact: Build-x64-codeql
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@1ed1437484560351c5be56cf73a48a279d116b78
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@ -14,8 +14,11 @@ on:
        type: string
      # Additional options passed to msbuild.
      build_options:
-        required: False
+        required: false
        type: string
+      build_codeql:
+        required: false
+        type: boolean

 permissions:
  contents: read
@ -41,6 +44,12 @@ jobs:
      with:
        submodules: 'recursive'

+    - name: Initialize CodeQL
+      if: inputs.build_codeql == true
+      uses: github/codeql-action/init@28eead240834b314f7def40f6fcba65d100d99b1
+      with:
+        languages: 'cpp'
+
    - name: Add MSBuild to PATH
      uses: microsoft/setup-msbuild@becb80cf9a036187bb1e07e74eb64e25850d757a

@ -86,3 +95,7 @@ jobs:
        name: ${{inputs.build_artifact}} ${{matrix.configurations}}
        path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
        retention-days: 5
+
+    - name: Perform CodeQL Analysis
+      if: inputs.build_codeql == true
+      uses: github/codeql-action/analyze@28eead240834b314f7def40f6fcba65d100d99b1