Re: [PATCH v3] codeql: add support for analyzing C, Python and Go

[Roger Pau Monné]

Ping?

On Wed, Mar 23, 2022 at 11:18:56AM +0100, Roger Pau Monne wrote:
> Introduce CodeQL support for Xen and analyze the C, Python and Go
> files.
> 
> Note than when analyzing Python or Go we avoid building the hypervisor
> and only build the tools.
> 
> Requested-by: Andrew Cooper <andrew.coop...@citrix.com>
> Signed-off-by: Roger Pau Monné <roger....@citrix.com>
> ---
> Changes since v2:
>  - Remove explicit 'staging' branch checkout.
>  - Remove explicit query.
>  - Remove ignored paths.
>  - Remove 'on schedule' trigger, or else it would be run against the
>    master branch instead of staging.
> 
> Changes since v1:
>  - Rename to note it's x86 specific right now.
>  - Merge the ignored path patch.
> ---
>  .github/workflows/codeql-x86.yml | 54 ++++++++++++++++++++++++++++++++
>  1 file changed, 54 insertions(+)
>  create mode 100644 .github/workflows/codeql-x86.yml
> 
> diff --git a/.github/workflows/codeql-x86.yml 
> b/.github/workflows/codeql-x86.yml
> new file mode 100644
> index 0000000000..6ddd445c79
> --- /dev/null
> +++ b/.github/workflows/codeql-x86.yml
> @@ -0,0 +1,54 @@
> +name: CodeQL x86
> +
> +on:
> +  workflow_dispatch:
> +  push:
> +    branches: [staging]
> +
> +jobs:
> +  analyse:
> +
> +    strategy:
> +      matrix:
> +        language: [ 'cpp', 'python', 'go' ]
> +
> +    runs-on: ubuntu-latest
> +
> +    steps:
> +    - name: Install build dependencies
> +      run: |
> +        sudo apt-get install -y wget git \
> +          libbz2-dev build-essential \
> +          zlib1g-dev libncurses5-dev iasl \
> +          libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \
> +          autoconf libtool liblzma-dev \
> +          python3-dev golang python-dev libsystemd-dev
> +
> +    - uses: actions/checkout@v2
> +
> +    - name: Configure Xen
> +      run: |
> +        ./configure --with-system-qemu=/bin/true \
> +                    --with-system-seabios=/bin/true \
> +                    --with-system-ovmf=/bin/true
> +
> +    - name: Pre build stuff
> +      run: |
> +        make -j`nproc` mini-os-dir
> +
> +    - uses: github/codeql-action/init@v1
> +      with:
> +        languages: ${{matrix.language}}
> +
> +    - if: matrix.language == 'cpp'
> +      name: Full Build
> +      run: |
> +        make -j`nproc` build-xen build-tools
> +        make -j`nproc` -C extras/mini-os/
> +
> +    - if: matrix.language == 'python' || matrix.language == 'go'
> +      name: Tools Build
> +      run: |
> +        make -j`nproc` build-tools
> +
> +    - uses: github/codeql-action/analyze@v1
> -- 
> 2.35.1
>