From 20211262428aca8006e7a72227b1e4574db0775e Mon Sep 17 00:00:00 2001 From: Alan Jowett Date: Tue, 12 Apr 2022 13:08:11 -0600 Subject: [PATCH] Update codeql-analysis.yml (#937) * Update codeql-analysis.yml * Merge codeql and cicd Signed-off-by: Alan Jowett * Merge codeql and cicd Signed-off-by: Alan Jowett * Update cicd.yml --- .github/workflows/cicd.yml | 7 ++++ .github/workflows/codeql-analysis.yml | 48 --------------------------- .github/workflows/reusable-build.yml | 15 ++++++++- 3 files changed, 21 insertions(+), 49 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 754683050..83693f2c2 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -44,6 +44,13 @@ jobs: build_artifact: Build-x64-Sanitize build_options: /p:Sanitizer='True' + codeql: + if: github.event_name != 'pull_request' + uses: ./.github/workflows/reusable-build.yml + with: + build_artifact: Build-x64-CodeQl + build_codeql: true + # Run the unit tests in GitHub. unit_tests: uses: ./.github/workflows/reusable-test.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 673be8922..000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null 
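Review bot: The `if: github.event_name != 'pull_request'` guard on the new `codeql` job ties the scan to whatever events cicd.yml's `on:` block lists, and that block is outside this hunk. The deleted codeql-analysis.yml ran on pushes to `main` and on a nightly `cron: '00 21 * * *'`. If cicd.yml has no `schedule` trigger, the periodic rescan of unchanged code is lost, and pull requests are not scanned before merge in either case. Please confirm the triggers and record the intent above the job, e.g. `# CodeQL runs on push and scheduled builds only; pull requests are skipped.`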
@@ -1,48 +0,0 @@ -# Copyright (c) Microsoft Corporation -# SPDX-License-Identifier: MIT - -name: "CodeQL" - -on: - push: - branches: [ main ] - schedule: - - cron: '00 21 * * *' - -permissions: - contents: read - -jobs: - analyze: - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - - steps: - - uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415 - with: - submodules: 'recursive' - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@1ed1437484560351c5be56cf73a48a279d116b78 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - - name: Build - uses: ./.github/workflows/reusable-build.yml - with: - build_artifact: Build-x64-codeql - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1ed1437484560351c5be56cf73a48a279d116b78 diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 4537ff0c2..f6b8d7c9f 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -14,8 +14,11 @@ on: type: string # Additional options passed to msbuild. build_options: - required: False + required: false type: string + build_codeql: + required: false + type: boolean permissions: contents: read @@ -41,6 +44,12 @@ jobs: with: submodules: 'recursive' + - name: Initialize CodeQL + if: inputs.build_codeql == true + uses: github/codeql-action/init@28eead240834b314f7def40f6fcba65d100d99b1 + with: + languages: 'cpp' + - name: Add MSBuild to PATH uses: microsoft/setup-msbuild@becb80cf9a036187bb1e07e74eb64e25850d757a 
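Review bot: `build_codeql` is added to the inputs in the `@@ -14,8 +14,11 @@` hunk without the one-line comment its neighbour `build_options` has, and without an explicit `default:`. I would put `# When true, wrap the build in CodeQL init/analyze steps and upload the results.` above it and `default: false` beneath `type: boolean`, so a reader of the input list can see that this switch enables a step that publishes scan results. The same input gates the `Initialize CodeQL` step in the following hunk and the analyze step in the last one; `if: inputs.build_codeql` would be equivalent to the `== true` comparison used there.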
@@ -86,3 +95,7 @@ jobs:
 name: ${{inputs.build_artifact}} ${{matrix.configurations}}
 path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
 retention-days: 5
+
+ - name: Perform CodeQL Analysis
+ if: inputs.build_codeql == true
+ uses: github/codeql-action/analyze@28eead240834b314f7def40f6fcba65d100d99b1
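Review bot: The `Perform CodeQL Analysis` step uploads results to code scanning, but no hunk in this patch carries over the `security-events: write` grant that the deleted codeql-analysis.yml gave its `analyze` job. The only permissions visible in reusable-build.yml are the workflow-level `contents: read`. The job that holds this step starts outside the hunk, so unless it sets its own permissions there, the upload would likely be rejected for lack of scope. A called workflow can only narrow the caller's token, so the grant is needed in both places: on the `codeql` job in cicd.yml and on the build job here, with the three scopes the old job had (`actions: read`, `contents: read`, `security-events: write`). The other callers should stay at `contents: read` so ordinary builds do not gain a write scope.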