From: Michael Kubacki <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Andrew Fish, Leif Lindholm, Liming Gao, Michael D Kinney, Sean Brogan
Subject: [PATCH v1 0/2] Enable Initial CodeQL Support
Date: Tue, 1 Nov 2022 11:54:53 -0400
Message-Id: <20221101155455.1268-1-mikuback@linux.microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4115

This patch series enables initial CodeQL support within the edk2 repository. After this patch, a CodeQL Analyze step will run on a subset of edk2 packages in Pull Requests.

The plan to scale additional CodeQL queries is documented in the RFC and it is recommended to read that for more detail:

https://github.com/tianocore/edk2/discussions/3258#discussioncomment-3682099

In summary, this change will:

- Main workflow file - .github/workflows/codeql-analysis.yml
  1. Add a code scanning workflow with the CodeQL Analysis GitHub action
  2. Build packages on Ubuntu with GCC5
  3. Perform CodeQL analysis on the build results

- Custom configuration file - .github/codeql/codeql-config.yml
  1. Specify the edk2 CodeQL query set
  2. Apply a query filter to exclude errors, warnings, and recommendations

- edk2 query set file - .github/codeql/edk2.qls
  1. Enable a single query: cpp/conditionallyuninitializedvariable

Per the RFC, this enables CodeQL but does not allow any alerts by suppressing all of the severity levels. When the code changes necessary to resolve problems found with cpp/conditionallyuninitializedvariable are checked in, the severity filter can be adjusted such that the query is enabled.

Note that there is an occasional issue with filesystem paths at the moment that prevents this change from being checked in. A bug has been filed against CodeQL and some additional investigation is being done.

https://github.com/github/codeql-action/issues/1338

In the meantime, this v1 patch series is being sent for feedback.

Cc: Andrew Fish
Cc: Leif Lindholm
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Sean Brogan
Signed-off-by: Michael Kubacki

Michael Kubacki (2):
  Maintainers.txt: Add .github maintainers and reviewers
  .github: Add initial CodeQL config and workflow files

 .github/codeql/codeql-config.yml      |  30 ++++++
 .github/codeql/edk2.qls               |  12 +++
 .github/workflows/codeql-analysis.yml | 102 ++++++++++++++++++++
 Maintainers.txt                       |   6 ++
 4 files changed, 150 insertions(+)
 create mode 100644 .github/codeql/codeql-config.yml
 create mode 100644 .github/codeql/edk2.qls
 create mode 100644 .github/workflows/codeql-analysis.yml

-- 
2.28.0.windows.1
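As an added illustration, and not the files carried by this patch series, the following shows the shape of a CodeQL config file and query-suite pair that does what the cover letter describes: a custom suite that keeps a single query, and a severity filter that initially suppresses every finding so the query runs without raising alerts. The two files are written as two YAML documents in one block; the `name`/`description` strings and the `codeql/cpp-queries` pack reference are assumptions, while the file paths and the query id are the ones named in the cover letter. The commented-out second filter shows the adjustment the cover letter says is made once the findings are fixed in the tree.

```yaml
# Added example, not the patch's own files. The first document stands for
# .github/codeql/codeql-config.yml, the second for .github/codeql/edk2.qls.
# Names and descriptions are assumed; paths and the query id come from the
# cover letter.

# --- .github/codeql/codeql-config.yml (assumed contents) ---
name: "edk2 CodeQL config (example)"

# Run only the edk2 suite, not the default CodeQL C/C++ query suite, so the
# result set is exactly the queries edk2 chose to enable.
disable-default-queries: true
queries:
  - name: edk2 query set
    uses: ./.github/codeql/edk2.qls

# Initial state from the cover letter: the query still runs and its results
# are still computed, but every severity is excluded, so no alert surfaces
# and the check cannot fail a Pull Request yet.
query-filters:
  - exclude:
      problem.severity:
        - error
        - warning
        - recommendation

# Later state, once the cpp/conditionallyuninitializedvariable findings are
# resolved in the tree: narrow the exclusion so the query's findings become
# visible (for example keep only 'recommendation' excluded, or delete the
# query-filters block entirely to surface everything the suite reports).
#
# query-filters:
#   - exclude:
#       problem.severity:
#         - recommendation
---
# --- .github/codeql/edk2.qls (assumed contents) ---
# A query suite definition: start from the standard C/C++ query pack, then
# keep only the one query selected by id. Adding further queries later is
# another 'include' entry here rather than a change to the workflow.
- description: edk2 CodeQL queries (example suite)
- queries: .
  from: codeql/cpp-queries
- include:
    id: cpp/conditionallyuninitializedvariable
```

Keeping the suite in its own `.qls` file separates "which queries run" from "which severities are allowed to alert", which is what lets the filter be relaxed later without touching the workflow or the query list. When relaxing the filter, note that `query-filters` entries are applied in order, so a later `include` can re-admit findings an earlier `exclude` dropped.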