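# @file
# GitHub Workflow for CodeQL Analysis
#
# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##

name: "CodeQL"

# Scans run on pushes to master, on pull requests that target master, and
# once a week on a schedule.
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
    # A pull request that changes only files matching these patterns does
    # not start a scan. The analysis below is configured for 'cpp' only, so
    # none of these file types is itself a scan target.
    paths-ignore:
      - '**/*.bat'
      - '**/*.md'
      - '**/*.py'
      - '**/*.rst'
      - '**/*.sh'
      - '**/*.txt'

  schedule:
    # https://crontab.guru/#20_23_*_*_4
    - cron: '20 23 * * 4'

jobs:
  analyze:
    name: Analyze
    runs-on: windows-2019
    # Job-scoped token: read-only apart from security-events, which needs
    # write access so the analysis results can be uploaded.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      # Each package is scanned in its own job; one failing package does not
      # cancel the others.
      fail-fast: false
      matrix:
        package:
          - "ArmPkg"
          - "CryptoPkg"
          - "DynamicTablesPkg"
          - "FatPkg"
          - "FmpDevicePkg"
          - "IntelFsp2Pkg"
          - "IntelFsp2WrapperPkg"
          - "MdeModulePkg"
          - "MdePkg"
          - "PcAtChipsetPkg"
          - "PrmPkg"
          - "SecurityPkg"
          - "ShellPkg"
          - "SourceLevelDebugPkg"
          - "StandaloneMmPkg"
          - "UefiCpuPkg"
          - "UnitTestFrameworkPkg"

    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (v3, v2). Pinning each `uses:` to a full commit SHA keeps a re-pointed
      # tag from changing the code that runs with this job's token.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Do not leave the job token in .git/config, where the pip-installed
          # tooling and build scripts run by later steps could read it.
          # NOTE(review): no step in this file asks for authenticated git
          # access; confirm stuart_setup's fetches work anonymously.
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: 'cpp'
          # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
          # Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
          config-file: ./.github/codeql/codeql-config.yml
          # Note: Add new queries to codeql-config.yml file as they are enabled.

      # NOTE(review): --upgrade installs the newest versions that
      # pip-requirements.txt allows. That file is not shown here; confirm it
      # pins exact versions, since these packages execute inside a job whose
      # token can write security events.
      - name: Install/Upgrade pip Modules
        run: pip install -r pip-requirements.txt --upgrade

      - name: Setup
        run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=VS2019

      - name: Update
        run: stuart_update -c .pytool/CISettings.py -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=VS2019

      - name: Build Tools From Source
        run: python BaseTools/Edk2ToolsBuild.py -t VS2019

      # matrix.package expands to one of the literals listed under
      # strategy.matrix above, so this interpolation carries no externally
      # supplied text into the command line.
      - name: CI Build
        run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.package }} -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=VS2019

      # Runs the queries against the database captured during the build and
      # uploads the results (this is the step that needs security-events: write).
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2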