From 93ae4db35a345a39d7891f38eb5fc9b6221410ab Mon Sep 17 00:00:00 2001 From: MX <10697207+xMasterX@users.noreply.github.com> Date: Mon, 11 Sep 2023 16:41:30 +0300 Subject: [PATCH] moved into codeql yml --- .github/workflows/codeql-code-scan.yml | 116 ------------------------- 1 file changed, 116 deletions(-) delete mode 100644 .github/workflows/codeql-code-scan.yml diff --git a/.github/workflows/codeql-code-scan.yml b/.github/workflows/codeql-code-scan.yml deleted file mode 100644 index 9572bba85..000000000 --- a/.github/workflows/codeql-code-scan.yml +++ /dev/null @@ -1,116 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" -run-name: "CodeQL Analyze ${{ github.ref_name }} by @${{ github.ACTOR }}" - -on: - push: - branches: ["dev"] - pull_request: - branches: ["dev"] - workflow_dispatch: - -jobs: - analyze: - name: Analyze - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners - # Consider using larger runners for possible analysis time improvements. - runs-on: [ "ubuntu-latest" ] - timeout-minutes: 60 - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["cpp"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] - # Use only 'java' to analyze code written in Java, Kotlin or both - # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - env: - PATH_SARIF_DIR: ".github/results.sarif" - PATH_SARIF_FILE: ".github/results.sarif/${{ matrix.language }}.sarif" - FBT_NO_SYNC: 0 - DIST_SUFFIX: "codeql" - WORKFLOW_BRANCH_OR_TAG: release-cfw - LANG_CATEGORY: "/language:${{matrix.language}}" - - steps: - - name: Checkout Firmware Files - uses: actions/checkout@v3 - with: - clean: "true" - submodules: "true" - fetch-depth: "0" - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - setup-python-dependencies: true - - - name: Resolve CodeQL Build Env - uses: github/codeql-action/resolve-environment@v2 - with: - language: ${{ matrix.language }} - #debug: true - - - name: Build Firmware - shell: bash - if: ${{ success() }} - run: | - ./fbt COMPACT=1 DEBUG=0 FBT_NO_SYNC=${{ env.FBT_NO_SYNC }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - if: ${{ success() }} - with: - threads: 4 - category: "${{ env.LANG_CATEGORY }}" - output: "${{ env.PATH_SARIF_DIR }}" - upload-database: false - upload: "failure-only" # disable the upload here - we will upload in a different action - - - name: Filter dirs for SARIF - uses: advanced-security/filter-sarif@v1 - if: ${{ success() }} - with: - # filter out all test files unless they contain a sql-injection vulnerability - patterns: | - -build/** - -dist/** - -toolchain/** - -lib/** - input: "${{ env.PATH_SARIF_FILE }}" - output: "${{ env.PATH_SARIF_FILE }}" - - - name: Upload CodeQL SARIF - uses: github/codeql-action/upload-sarif@v2 - if: ${{ success() }} - with: - category: "${{ env.LANG_CATEGORY }}" - sarif_file: "${{ env.PATH_SARIF_FILE }}" - - # optional: for debugging the uploaded sarif - # - name: Upload loc as a Build Artifact - # uses: actions/upload-artifact@v3 - # with: - # name: sarif-results - # path: sarif-results - # retention-days: 1