From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Sean Brogan <sean.brogan@microsoft.com>,
Michael D Kinney <michael.d.kinney@intel.com>
Subject: [edk2-devel] [PATCH v1 1/5] Remove existing CodeQL infrastructure
Date: Tue, 26 Sep 2023 15:21:10 -0400 [thread overview]
Message-ID: <20230926192114.416-2-mikuback@linux.microsoft.com> (raw)
In-Reply-To: <20230926192114.416-1-mikuback@linux.microsoft.com>
From: Michael Kubacki <michael.kubacki@microsoft.com>
CodeQL currently runs via the codeql-analysis.yml GitHub workflow
which uses the `github/codeql-action/init@v2` action (pre-build)
and the `github/codeql-action/analyze@v2` action (post-build) to
setup the CodeQL environment and extract results.
This infrastructure is removed in preparation for a new design that
will directly run the CodeQL CLI as part of the build. This will
allow CodeQL to be run locally as part of the normal build process
with results that match 1:1 with CI builds.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
.github/codeql/codeql-config.yml | 29 -----
.github/codeql/edk2.qls | 24 ----
.github/workflows/codeql-analysis.yml | 118 --------------------
3 files changed, 171 deletions(-)
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index a51db141ebe3..000000000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-## @file
-# CodeQL configuration file for edk2.
-#
-# Copyright (c) Microsoft Corporation.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-name: "CodeQL config"
-
-# The following line disables the default queries. This is used because we want to enable on query at a time by
-# explicitly specifying each query in a "queries" array as they are enabled.
-#
-# See the following for more information about adding custom queries:
-# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file
-
-#disable-default-queries: true
-
-queries:
- - name: EDK2 CodeQL Query List
- uses: ./.github/codeql/edk2.qls
-
-# We must specify a query for CodeQL to run. Until the first query is enabled, enable the security query suite but
-# exclude all problem levels from impacting the results. After the first query is enabled, this filter can be relaxed
-# to find the level of problems desired from the query.
-query-filters:
-- exclude:
- problem.severity:
- - warning
- - recommendation
diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls
deleted file mode 100644
index 9bea9ba01f24..000000000000
--- a/.github/codeql/edk2.qls
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- description: EDK2 (C++) queries
-
-# Bring in all queries from the official cpp-queries suite so individual queries can be explicitly enabled.
-
-- queries: '.'
- from: codeql/cpp-queries
-
-# Enable individual queries below.
-
-- include:
- id: cpp/conditionallyuninitializedvariable
-- include:
- id: cpp/infinite-loop-with-unsatisfiable-exit-condition
-- include:
- id: cpp/overflow-buffer
-- include:
- id: cpp/overrunning-write
-- include:
- id: cpp/overrunning-write-with-float
-- include:
- id: cpp/pointer-overflow-check
-- include:
- id: cpp/very-likely-overrunning-write
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index cc7f06f7b5b7..000000000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-# @file
-# GitHub Workflow for CodeQL Analysis
-#
-# Copyright (c) Microsoft Corporation.
-#
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-##
-
-name: "CodeQL"
-
-on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
- paths-ignore:
- - '**/*.bat'
- - '**/*.md'
- - '**/*.py'
- - '**/*.rst'
- - '**/*.sh'
- - '**/*.txt'
-
- schedule:
- # https://crontab.guru/#20_23_*_*_4
- - cron: '20 23 * * 4'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: windows-2019
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- include:
- - Package: "ArmPkg"
- ArchList: "IA32,X64"
- - Package: "CryptoPkg"
- ArchList: "IA32"
- - Package: "CryptoPkg"
- ArchList: "X64"
- - Package: "DynamicTablesPkg"
- ArchList: "IA32,X64"
- - Package: "FatPkg"
- ArchList: "IA32,X64"
- - Package: "FmpDevicePkg"
- ArchList: "IA32,X64"
- - Package: "IntelFsp2Pkg"
- ArchList: "IA32,X64"
- - Package: "IntelFsp2WrapperPkg"
- ArchList: "IA32,X64"
- - Package: "MdeModulePkg"
- ArchList: "IA32"
- - Package: "MdeModulePkg"
- ArchList: "X64"
- - Package: "MdePkg"
- ArchList: "IA32,X64"
- - Package: "PcAtChipsetPkg"
- ArchList: "IA32,X64"
- - Package: "PrmPkg"
- ArchList: "IA32,X64"
- - Package: "SecurityPkg"
- ArchList: "IA32,X64"
- - Package: "ShellPkg"
- ArchList: "IA32,X64"
- - Package: "SourceLevelDebugPkg"
- ArchList: "IA32,X64"
- - Package: "StandaloneMmPkg"
- ArchList: "IA32,X64"
- - Package: "UefiCpuPkg"
- ArchList: "IA32,X64"
- - Package: "UnitTestFrameworkPkg"
- ArchList: "IA32,X64"
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
-
- - name: Install Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.10.6'
- cache: 'pip'
- cache-dependency-path: 'pip-requirements.txt'
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: 'cpp'
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
- # Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
- config-file: ./.github/codeql/codeql-config.yml
- # Note: Add new queries to codeql-config.yml file as they are enabled.
-
- - name: Install/Upgrade pip Modules
- run: pip install -r pip-requirements.txt --upgrade
-
- - name: Setup
- run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Update
- run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Build Tools From Source
- run: python BaseTools/Edk2ToolsBuild.py -t VS2019
-
- - name: CI Build
- run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.Package }} -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109082): https://edk2.groups.io/g/devel/message/109082
Mute This Topic: https://groups.io/mt/101603468/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-09-26 19:22 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-26 19:21 [edk2-devel] [PATCH v1 0/5] Use CodeQL CLI Michael Kubacki
2023-09-26 19:21 ` Michael Kubacki [this message]
2023-09-26 19:21 ` [edk2-devel] [PATCH v1 2/5] BaseTools/Plugin/CodeQL: Add CodeQL build plugin Michael Kubacki
2023-09-26 19:21 ` [edk2-devel] [PATCH v1 3/5] BaseTools/Plugin/CodeQL: Add integration helpers Michael Kubacki
2023-09-26 19:21 ` [edk2-devel] [PATCH v1 4/5] .pytool/CISettings.py: Integrate CodeQL Michael Kubacki
2023-09-26 19:21 ` [edk2-devel] [PATCH v1 5/5] .github/workflows/codeql.yml: Add CodeQL workflow Michael Kubacki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230926192114.416-2-mikuback@linux.microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox