tyler.durden/audk - audk - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Michael Kubacki	918288ab5a	.github/workflows/codeql.yml: Update actions being deprecated Currently CodeQL runs have the following warnings: Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/setup-python@v4, actions/upload-artifact@v3, actions/cache@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/. And: CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see: https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/ The first is resolved by updating the actions to the latest versions that were released to use Node.js 20. The second is specifically referring to the codeql-action/upload-sarif action which is at v2. This change updates all of the actions to the latest releases to prevent deprecated versions from continuing to be used. --- The following breaking change was noted in actions/upload-artifact that caused some related changes in the workflow: "Due to how Artifacts are created in this new version, it is no longer possible to upload to the same named Artifact multiple times. You must either split the uploads into multiple Artifacts with different names, or only upload once. Otherwise you will encounter an error." This workflow depended on that behavior previously to append multiple logs (e.g. setup log, update log, build log) to the same named artifact (named per package). These were appended after each operation so they are readily available if the operation failed and no further actions are run. Now the artifacts must be unique in name. The hyphenation comes in because edk2 further builds some packages with both architectures in a single build vs separate builds (e.g. IA32 and X64 vs IA32,X64). To uniquely name artifacts resulting from those builds, the architecture is also placed in the artifact name. For builds with multiple architectures the artifact name captures each architecture separated by a hyphen. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Joey Vagedes <joey.vagedes@gmail.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>	2024-03-04 18:03:29 +00:00
Michael Kubacki	26d484d086	.github/workflows/codeql.yml: Add emacs output Updates the workflow to also output files that can be loaded in emacs to show CodeQL issues (in addition to the existing SARIF output for standard SARIF viewers). The emacs files are in the SARIF zip file attached to each "CodeQL" run (https://github.com/tianocore/edk2/actions/workflows/codeql.yml). The file name ends with "-emacs.txt". An MdePkg example: "codeql-db-mdepkg-debug-0-emacs.txt". Cc: Joey Vagedes <joey.vagedes@gmail.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>	2023-11-30 19:24:17 +00:00
Michael Kubacki	1384ce443d	.github/workflows/codeql.yml: Add CodeQL workflow Adds a workflow to run CodeQL against all packages built in .pytool/CISettings.py. The following is done: 1. Determine which packages to build against. Those that support are managed by .pytool/CISettings.py will be selected. For each package: 2. Determine how to interact with the package. Such as whether `stuart_ci_setup` or `stuart_setup` should be used. 3. Perform supported Stuart steps for setup and update. 4. Discover the CodeQL plugin directory in the repo. 5. Attempt to load the CodeQL CLI specific to the host OS from a GitHub cache. 6. Perform the build. 7. Clean up some files after build to improve robustness. 8. Upload the CodeQL results (generated SARIF file) to GitHub Code Scanning. The results will be associated with the trigger of the workflow. After each step that can upload logs such as the setup, update, and build steps the logs are uploaded as an artifact to the workflow run. This allows easy debugging in case there's an error in the step. The SARIF file is also uploaded to the workflow run so it can be downloaded and analyzed. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>	2023-11-07 03:19:26 +00:00

Author

SHA1

Message

Date

Michael Kubacki

918288ab5a

.github/workflows/codeql.yml: Update actions being deprecated

Currently CodeQL runs have the following warnings:

  Node.js 16 actions are deprecated. Please update the following
  actions to use Node.js 20: actions/setup-python@v4,
  actions/upload-artifact@v3, actions/cache@v3. For more information
  see:
  https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

And:

  CodeQL Action v2 will be deprecated on December 5th, 2024. Please
  update all occurrences of the CodeQL Action in your workflow files
  to v3. For more information, see:
  https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

The first is resolved by updating the actions to the latest versions
that were released to use Node.js 20. The second is specifically
referring to the codeql-action/upload-sarif action which is at v2.

This change updates all of the actions to the latest releases to
prevent deprecated versions from continuing to be used.

---

The following breaking change was noted in actions/upload-artifact
that caused some related changes in the workflow:

  "Due to how Artifacts are created in this new version, it is no
   longer possible to upload to the same named Artifact multiple
   times. You must either split the uploads into multiple Artifacts
   with different names, or only upload once. Otherwise you will
   encounter an error."

This workflow depended on that behavior previously to append multiple
logs (e.g. setup log, update log, build log) to the same named
artifact (named per package). These were appended after each operation
so they are readily available if the operation failed and no further
actions are run.

Now the artifacts must be unique in name. The hyphenation comes in
because edk2 further builds some packages with both architectures in
a single build vs separate builds (e.g. IA32 and X64 vs IA32,X64). To
uniquely name artifacts resulting from those builds, the architecture
is also placed in the artifact name. For builds with multiple
architectures the artifact name captures each architecture separated
by a hyphen.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

2024-03-04 18:03:29 +00:00

Michael Kubacki

26d484d086

.github/workflows/codeql.yml: Add emacs output

Updates the workflow to also output files that can be loaded in emacs
to show CodeQL issues (in addition to the existing SARIF output for
standard SARIF viewers).

The emacs files are in the SARIF zip file attached to each "CodeQL"
run (https://github.com/tianocore/edk2/actions/workflows/codeql.yml).

The file name ends with "-emacs.txt". An MdePkg example:
  "codeql-db-mdepkg-debug-0-emacs.txt".

Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>

2023-11-30 19:24:17 +00:00

Michael Kubacki

1384ce443d

.github/workflows/codeql.yml: Add CodeQL workflow

Adds a workflow to run CodeQL against all packages built in
.pytool/CISettings.py. The following is done:

1. Determine which packages to build against. Those that support
   are managed by .pytool/CISettings.py will be selected.

For each package:

2. Determine how to interact with the package. Such as whether
   `stuart_ci_setup` or `stuart_setup` should be used.
3. Perform supported Stuart steps for setup and update.
4. Discover the CodeQL plugin directory in the repo.
5. Attempt to load the CodeQL CLI specific to the host OS from a
   GitHub cache.
6. Perform the build.
7. Clean up some files after build to improve robustness.
8. Upload the CodeQL results (generated SARIF file) to GitHub Code
   Scanning. The results will be associated with the trigger of the
   workflow.

After each step that can upload logs such as the setup, update, and
build steps the logs are uploaded as an artifact to the workflow run.
This allows easy debugging in case there's an error in the step.

The SARIF file is also uploaded to the workflow run so it can be
downloaded and analyzed.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>

2023-11-07 03:19:26 +00:00

3 Commits