For the compiled programming language C++, does codeql still require custom steps to ignore specified code files?

[xengine-qyt]

Can't it be ignored via the paths-ignore option?
But I'm compiling separately right now. I have already compiled third-party libraries such as jsoncpp and xml2 first, but why are there still warning messages for these libraries in the codeql scan results?

    - name: make pre
      run: | 
          make BUILDTYPE=1

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v4
      with:
        languages: ${{ matrix.language }}
        build-mode: manual 
        queries: security-and-quality
        config-file: .github/workflows/codeql/codeql-config.yml
        
    - name: make check
      run: | 
          make BUILDTYPE=2

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v4
      with:
        category: "/language:${{ matrix.language }}"

After I compiled the third-party libraries with BUILDTYPE=1, JSONCPP is not compiled when using BUILDTYPE=2

[jketema]

Hi @xengine-qyt

Thanks for your question.

When using build-mode: autobuild or build-mode: manual, custom steps to ignore specified files are indeed still needed, and paths-ignore does not work.

I have already compiled third-party libraries such as jsoncpp and xml2 first, but why are there still warning messages for these libraries in the codeql scan results?

I cannot really tell without seeing the warnings. However, if the warnings are coming from the public header files of those libraries, then it is possible that you will see these warnings when these files are #included in files compiled in your make check step. Those header files will still be scanned in that case, because they are being compiled.