CI: Add CodeQL static analysis

LGTM is deprecated and will cease working in Decemeber, per https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/ Drop the LGTM badges too, as they will stop working as well. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
TrenchBoot · Nov 21, 2022 · 7880ccf · 7880ccf
1 parent f9cb7a7
commit 7880ccf
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/.github/workflows/CodeQL.yml b/.github/workflows/CodeQL.yml
@@ -0,0 +1,31 @@
+name: CodeQL
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '30 12 * * 3' # Weekly, Wed at 12:30 pm
+
+jobs:
+  CodeQL:
+
+    strategy:
+      matrix:
+        bits: ['32', '64']
+        lto: [LTO=y, LTO=n]
+
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - uses: github/codeql-action/init@v2
+      with:
+        languages: cpp
+        queries: security-and-quality
+
+    - name: Build
+      run: |
+        make BITS=${{matrix.bits}} ${{matrix.lto}}
+
+    - uses: github/codeql-action/analyze@v2
diff --git a/README.md b/README.md
@@ -1,7 +1,4 @@
 TrenchBoot Secure Kernel Loader
 ===============================
 
-[![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/TrenchBoot/secure-kernel-loader.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/TrenchBoot/secure-kernel-loader/context:cpp)
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/TrenchBoot/secure-kernel-loader.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/TrenchBoot/secure-kernel-loader/alerts/)
-
 Open source implementation of Secure Loader for AMD Secure Startup.