tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove existing CodeQL infrastructure 

CodeQL currently runs via the codeql-analysis.yml GitHub workflow
which uses the `github/codeql-action/init@v2` action (pre-build)
and the `github/codeql-action/analyze@v2` action (post-build) to
setup the CodeQL environment and extract results.

This infrastructure is removed in preparation for a new design that
will directly run the CodeQL CLI as part of the build. This will
allow CodeQL to be run locally as part of the normal build process
with results that match 1:1 with CI builds.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
This commit is contained in:
Michael Kubacki 2023-09-25 12:13:28 -04:00 committed by mergify[bot]
parent da21991953
commit c1393bd486
3 changed files with 0 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.github/codeql/codeql-config.yml vendored
View File

@ -1,29 +0,0 @@
## @file
# CodeQL configuration file for edk2.
#
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
name: "CodeQL config"
# The following line disables the default queries. This is used because we want to enable on query at a time by
# explicitly specifying each query in a "queries" array as they are enabled.
#
# See the following for more information about adding custom queries:
# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file
#disable-default-queries: true
queries:
- name: EDK2 CodeQL Query List
uses: ./.github/codeql/edk2.qls
# We must specify a query for CodeQL to run. Until the first query is enabled, enable the security query suite but
# exclude all problem levels from impacting the results. After the first query is enabled, this filter can be relaxed
# to find the level of problems desired from the query.
query-filters:
- exclude:
problem.severity:
- warning
- recommendation

24
.github/codeql/edk2.qls vendored
View File

@ -1,24 +0,0 @@
---
- description: EDK2 (C++) queries
# Bring in all queries from the official cpp-queries suite so individual queries can be explicitly enabled.
- queries: '.'
from: codeql/cpp-queries
# Enable individual queries below.
- include:
id: cpp/conditionallyuninitializedvariable
- include:
id: cpp/infinite-loop-with-unsatisfiable-exit-condition
- include:
id: cpp/overflow-buffer
- include:
id: cpp/overrunning-write
- include:
id: cpp/overrunning-write-with-float
- include:
id: cpp/pointer-overflow-check
- include:
id: cpp/very-likely-overrunning-write

118
.github/workflows/codeql-analysis.yml vendored
View File

@ -1,118 +0,0 @@
# @file
# GitHub Workflow for CodeQL Analysis
#
# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
name: "CodeQL"
on:
push:
branches:
- master
pull_request:
branches:
- master
paths-ignore:
- '**/*.bat'
- '**/*.md'
- '**/*.py'
- '**/*.rst'
- '**/*.sh'
- '**/*.txt'
schedule:
# https://crontab.guru/#20_23_*_*_4
- cron: '20 23 * * 4'
jobs:
analyze:
name: Analyze
runs-on: windows-2019
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
include:
- Package: "ArmPkg"
ArchList: "IA32,X64"
- Package: "CryptoPkg"
ArchList: "IA32"
- Package: "CryptoPkg"
ArchList: "X64"
- Package: "DynamicTablesPkg"
ArchList: "IA32,X64"
- Package: "FatPkg"
ArchList: "IA32,X64"
- Package: "FmpDevicePkg"
ArchList: "IA32,X64"
- Package: "IntelFsp2Pkg"
ArchList: "IA32,X64"
- Package: "IntelFsp2WrapperPkg"
ArchList: "IA32,X64"
- Package: "MdeModulePkg"
ArchList: "IA32"
- Package: "MdeModulePkg"
ArchList: "X64"
- Package: "MdePkg"
ArchList: "IA32,X64"
- Package: "PcAtChipsetPkg"
ArchList: "IA32,X64"
- Package: "PrmPkg"
ArchList: "IA32,X64"
- Package: "SecurityPkg"
ArchList: "IA32,X64"
- Package: "ShellPkg"
ArchList: "IA32,X64"
- Package: "SourceLevelDebugPkg"
ArchList: "IA32,X64"
- Package: "StandaloneMmPkg"
ArchList: "IA32,X64"
- Package: "UefiCpuPkg"
ArchList: "IA32,X64"
- Package: "UnitTestFrameworkPkg"
ArchList: "IA32,X64"
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'
cache-dependency-path: 'pip-requirements.txt'
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: 'cpp'
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
config-file: ./.github/codeql/codeql-config.yml
# Note: Add new queries to codeql-config.yml file as they are enabled.
- name: Install/Upgrade pip Modules
run: pip install -r pip-requirements.txt --upgrade
- name: Setup
run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
- name: Update
run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
- name: Build Tools From Source
run: python BaseTools/Edk2ToolsBuild.py -t VS2019
- name: CI Build
run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.Package }} -t DEBUG -a ${{ matrix.ArchList }} TOOL_CHAIN_TAG=VS2019
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2