.sync: Add CodeQL GitHub workflow#133
Merged
Adds a new workflow that is synced to Mu repos that are currently expected to have clean CodeQL results.
apop5
approved these changes
Feb 28, 2023
kuqin12
approved these changes
Feb 28, 2023
- Sort packages (consistent order in UI)
- Dynamically determine stuart operations supported in a build script
- Add CI Setup support
- Dynamically discover Mu Basecore plugin directory in a workspace
Adds a new workflow that is synced to Mu repos that are
currently expected to run against CodeQL.
This workflow has the following features to support
maintainability across the repos it is synced to:
The packages are auto discovered and a dynamic matrix
is generated for each package build. This allows the
same file to work as-is in each repo that performs
CI builds (packages are in the repo root directory).
The Mu Basecore plugin directory is auto discovered
in the workspace based on the presence of the CodeQL
plugin in the directory.
The operations supported by the Stuart CI script are
dynamically discovered.
CodeQL is only run on Windows agents. There is a known
issue when building edk2-style code on Linux so this
avoids encountering that issue.
See: Perform CodeQL Analysis fails during database finalize due to NoSuchFileException github/codeql-action#1338
The Windows CodeQL CLI package is about 260MB at this time.
The GitHub Action cache is used by this workflow to cache
the CLI after it is initially pulled down in the Stuart ext
dep update.
The CLI ext dep directory name and version used for caching
are read from the ext_dep YAML file to reduce maintenance
needed in the workflow if the file changes in the future.
Note that the SARIF file for each run is uploaded as a per-package
artifact. These can be downloaded and opened in VS Code with the
SARIF Viewer extension to view issues locally with the ability
to click to issue locations in files.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
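As an added illustration (not code from this PR or from the mu_devops workflow it adds), the Python below shows the three discovery steps the commit message describes: enumerating packages in the repo root into a sorted JSON matrix for a later job's `fromJSON`, locating the Mu Basecore plugin directory by the presence of a CodeQL plugin, and deriving the cache key and path from the ext_dep YAML rather than hard-coding them. It assumes an edk2-style package is a top-level directory holding a .dec file, that the plugin directory is the `Plugin` folder containing a `CodeQL` subfolder, that the descriptor is named `codeql_windows_ext_dep.yaml`, and that Stuart unpacks an ext dep into `<name>_extdep` beside its descriptor; the sample workspace and descriptor contents in `demo()` are constructed.

```python
"""Added example, not the workflow from the PR. See the lead-in for assumptions."""
import json
import tempfile
from pathlib import Path
from typing import Optional

try:
    import yaml  # PyYAML, a dependency of edk2-pytool-extensions
except ImportError:  # fallback: ext_dep descriptors are flat "key: value" maps
    yaml = None


def load_ext_dep(descriptor: Path) -> dict:
    """Parse an ext_dep YAML descriptor into a dict (flat parser if PyYAML is absent)."""
    text = descriptor.read_text()
    if yaml is not None:
        return yaml.safe_load(text)
    data = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            data[key.strip()] = value.strip()
    return data


def discover_packages(workspace: Path) -> list:
    """Top-level directories holding a .dec file, sorted so the matrix order is stable."""
    return sorted(d.name for d in workspace.iterdir()
                  if d.is_dir() and any(d.glob("*.dec")))


def build_matrix(packages: list) -> str:
    """JSON suitable for `strategy.matrix: ${{ fromJSON(...) }}` in a downstream job."""
    return json.dumps({"package": packages})


def find_plugin_dir(workspace: Path, plugin: str = "CodeQL") -> Optional[Path]:
    """Return the `Plugin` folder that contains the CodeQL plugin, wherever Basecore sits."""
    for path in sorted(workspace.rglob(plugin)):
        if path.is_dir() and path.parent.name == "Plugin":
            return path.parent
    return None


def codeql_cache_info(workspace: Path, plugin_dir: Path,
                      ext_dep_file: str = "codeql_windows_ext_dep.yaml") -> dict:
    """Cache key (name-version) and workspace-relative path read from the descriptor.

    The `<name>_extdep` location is an assumption about Stuart's ext_dep layout.
    """
    descriptor = plugin_dir / "CodeQL" / ext_dep_file
    data = load_ext_dep(descriptor)
    name, version = data["name"], str(data["version"])
    unpack_dir = descriptor.parent / f"{name}_extdep"
    return {"key": f"{name}-{version}",
            "path": unpack_dir.relative_to(workspace).as_posix()}


def demo() -> dict:
    """Build a constructed sample workspace in a temp dir and run the helpers over it."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        for pkg in ("ZetaPkg", "AlphaPkg"):          # deliberately unsorted
            (ws / pkg).mkdir()
            (ws / pkg / f"{pkg}.dec").write_text("[Defines]\n")
        (ws / "Docs").mkdir()                        # not a package: no .dec file
        plugin = ws / "MU_BASECORE" / ".pytool" / "Plugin" / "CodeQL"
        plugin.mkdir(parents=True)
        (plugin / "codeql_windows_ext_dep.yaml").write_text(   # constructed descriptor
            "scope: codeql-windows\ntype: web\nname: codeql-cli\n"
            "version: 2.12.2\nsource: https://example.invalid/codeql.zip\n")
        pkgs = discover_packages(ws)
        plugin_dir = find_plugin_dir(ws)
        return {
            "packages": pkgs,
            "matrix": build_matrix(pkgs),
            "plugin_dir": plugin_dir.relative_to(ws).as_posix(),
            "cache": codeql_cache_info(ws, plugin_dir),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a workflow, a first job would run these helpers and expose `matrix`, `plugin_dir`, and the cache key and path as step outputs; the build job then uses `fromJSON` for its matrix and feeds the key and path to `actions/cache` before the Stuart ext dep update, so the CLI is only downloaded when the descriptor's version changes.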