audk/.github/workflows/codeql-analysis.yml

# @file
# GitHub Workflow for CodeQL Analysis
#
# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##

name: "CodeQL"

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
    paths-ignore:
      - '**/*.bat'
      - '**/*.md'
      - '**/*.py'
      - '**/*.rst'
      - '**/*.sh'
      - '**/*.txt'

  schedule:
    # https://crontab.guru/#20_23_*_*_4
    - cron: '20 23 * * 4'

jobs:
  analyze:
    name: Analyze
    runs-on: windows-2019
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        package: [
          "ArmPkg",
          "CryptoPkg",
          "DynamicTablesPkg",
          "FatPkg",
          "FmpDevicePkg",
          "IntelFsp2Pkg",
          "IntelFsp2WrapperPkg",
          "MdeModulePkg",
          "MdePkg",
          "PcAtChipsetPkg",
          "PrmPkg",
          "SecurityPkg",
          "ShellPkg",
          "SourceLevelDebugPkg",
          "StandaloneMmPkg",
          "UefiCpuPkg",
          "UnitTestFrameworkPkg"]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Install Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.10.6'

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: 'cpp'
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
        config-file: ./.github/codeql/codeql-config.yml
        # Note: Add new queries to codeql-config.yml file as they are enabled.

    - name: Install/Upgrade pip Modules
      run: pip install -r pip-requirements.txt --upgrade

    - name: Setup
      run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=VS2019

    - name: Update
      run: stuart_update -c .pytool/CISettings.py -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=VS2019

    - name: Build Tools From Source
      run: python BaseTools/Edk2ToolsBuild.py -t VS2019

    - name: CI Build
      run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.package }} -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=VS2019

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2