From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id C7952740032 for ; Mon, 16 Oct 2023 20:13:02 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ZWdLslZm3H4+Qtu/sg5d6nEsQJaOzS+GpriatI9Tm3I=; c=relaxed/simple; d=groups.io; h=DKIM-Filter:From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1697487181; v=1; b=tL7kk5mn0PEyerrSxEozLTMkuYbU1MWiZfPAEwBUqYxctT6Buo2UbqRswMFwa84xkmgzXDkn AaxzZ1D2FMhT6Gjtyxj90hcQZnmbSVwSE955+UsvGTxPLWS3j4U1cULjxKatg5D6O8YAfJa27go UmQWdxyHBCdQWIp1eXqkOwLQ= X-Received: by 127.0.0.2 with SMTP id O9TjYY7687511x16h6gCMKvB; Mon, 16 Oct 2023 13:13:01 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.178584.1697487180971757950 for ; Mon, 16 Oct 2023 13:13:01 -0700 X-Received: from localhost.localdomain (unknown [47.201.241.95]) by linux.microsoft.com (Postfix) with ESMTPSA id 28F2A20B74C1; Mon, 16 Oct 2023 13:13:00 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 28F2A20B74C1 From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Sean Brogan , Michael D Kinney Subject: [edk2-devel] [PATCH v2 1/7] Remove existing CodeQL infrastructure Date: Mon, 16 Oct 2023 16:12:32 -0400 Message-ID: <20231016201239.953-2-mikuback@linux.microsoft.com> In-Reply-To: <20231016201239.953-1-mikuback@linux.microsoft.com> References: <20231016201239.953-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: euffaoxUKqzJ3uQbVI31xgwfx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=tL7kk5mn; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linux.microsoft.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io From: Michael Kubacki CodeQL currently runs via the codeql-analysis.yml GitHub workflow which uses the `github/codeql-action/init@v2` action (pre-build) and the `github/codeql-action/analyze@v2` action (post-build) to setup the CodeQL environment and extract results. This infrastructure is removed in preparation for a new design that will directly run the CodeQL CLI as part of the build. This will allow CodeQL to be run locally as part of the normal build process with results that match 1:1 with CI builds. Cc: Sean Brogan Cc: Michael D Kinney Signed-off-by: Michael Kubacki --- .github/codeql/codeql-config.yml | 29 ----- .github/codeql/edk2.qls | 24 ---- .github/workflows/codeql-analysis.yml | 118 -------------------- 3 files changed, 171 deletions(-) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-con= fig.yml deleted file mode 100644 index a51db141ebe3..000000000000 --- a/.github/codeql/codeql-config.yml +++ /dev/null @@ -1,29 +0,0 @@ -## @file -# CodeQL configuration file for edk2. -# -# Copyright (c) Microsoft Corporation. -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -name: "CodeQL config" - -# The following line disables the default queries. This is used because = we want to enable on query at a time by -# explicitly specifying each query in a "queries" array as they are enab= led. -# -# See the following for more information about adding custom queries: -# https://docs.github.com/en/code-security/code-scanning/automatically-s= canning-your-code-for-vulnerabilities-and-errors/configuring-code-scannin= g#using-a-custom-configuration-file - -#disable-default-queries: true - -queries: - - name: EDK2 CodeQL Query List - uses: ./.github/codeql/edk2.qls - -# We must specify a query for CodeQL to run. Until the first query is en= abled, enable the security query suite but -# exclude all problem levels from impacting the results. After the first= query is enabled, this filter can be relaxed -# to find the level of problems desired from the query. -query-filters: -- exclude: - problem.severity: - - warning - - recommendation diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls deleted file mode 100644 index 9bea9ba01f24..000000000000 --- a/.github/codeql/edk2.qls +++ /dev/null @@ -1,24 +0,0 @@ ---- -- description: EDK2 (C++) queries - -# Bring in all queries from the official cpp-queries suite so individual= queries can be explicitly enabled. - -- queries: '.' - from: codeql/cpp-queries - -# Enable individual queries below. - -- include: - id: cpp/conditionallyuninitializedvariable -- include: - id: cpp/infinite-loop-with-unsatisfiable-exit-condition -- include: - id: cpp/overflow-buffer -- include: - id: cpp/overrunning-write -- include: - id: cpp/overrunning-write-with-float -- include: - id: cpp/pointer-overflow-check -- include: - id: cpp/very-likely-overrunning-write diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/co= deql-analysis.yml deleted file mode 100644 index 992b3b6f654e..000000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,118 +0,0 @@ -# @file -# GitHub Workflow for CodeQL Analysis -# -# Copyright (c) Microsoft Corporation. -# -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -name: "CodeQL" - -on: - push: - branches: - - master - pull_request: - branches: - - master - paths-ignore: - - '**/*.bat' - - '**/*.md' - - '**/*.py' - - '**/*.rst' - - '**/*.sh' - - '**/*.txt' - - schedule: - # https://crontab.guru/#20_23_*_*_4 - - cron: '20 23 * * 4' - -jobs: - analyze: - name: Analyze - runs-on: windows-2019 - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - include: - - Package: "ArmPkg" - ArchList: "IA32,X64" - - Package: "CryptoPkg" - ArchList: "IA32" - - Package: "CryptoPkg" - ArchList: "X64" - - Package: "DynamicTablesPkg" - ArchList: "IA32,X64" - - Package: "FatPkg" - ArchList: "IA32,X64" - - Package: "FmpDevicePkg" - ArchList: "IA32,X64" - - Package: "IntelFsp2Pkg" - ArchList: "IA32,X64" - - Package: "IntelFsp2WrapperPkg" - ArchList: "IA32,X64" - - Package: "MdeModulePkg" - ArchList: "IA32" - - Package: "MdeModulePkg" - ArchList: "X64" - - Package: "MdePkg" - ArchList: "IA32,X64" - - Package: "PcAtChipsetPkg" - ArchList: "IA32,X64" - - Package: "PrmPkg" - ArchList: "IA32,X64" - - Package: "SecurityPkg" - ArchList: "IA32,X64" - - Package: "ShellPkg" - ArchList: "IA32,X64" - - Package: "SourceLevelDebugPkg" - ArchList: "IA32,X64" - - Package: "StandaloneMmPkg" - ArchList: "IA32,X64" - - Package: "UefiCpuPkg" - ArchList: "IA32,X64" - - Package: "UnitTestFrameworkPkg" - ArchList: "IA32,X64" - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Install Python - uses: actions/setup-python@v4 - with: - python-version: '3.11' - cache: 'pip' - cache-dependency-path: 'pip-requirements.txt' - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: 'cpp' - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript',= 'python', 'ruby' ] - # Learn more about CodeQL language support at https://codeql.git= hub.com/docs/codeql-overview/supported-languages-and-frameworks/ - config-file: ./.github/codeql/codeql-config.yml - # Note: Add new queries to codeql-config.yml file as they are en= abled. - - - name: Install/Upgrade pip Modules - run: pip install -r pip-requirements.txt --upgrade - - - name: Setup - run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.= ArchList }} TOOL_CHAIN_TAG=3DVS2019 - - - name: Update - run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix= .ArchList }} TOOL_CHAIN_TAG=3DVS2019 - - - name: Build Tools From Source - run: python BaseTools/Edk2ToolsBuild.py -t VS2019 - - - name: CI Build - run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.Packag= e }} -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=3DVS2019 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 --=20 2.42.0.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109647): https://edk2.groups.io/g/devel/message/109647 Mute This Topic: https://groups.io/mt/102004558/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-