Skip to content

Fix codeql issues (Main.cpp and Utility.cpp) #28

Fix codeql issues (Main.cpp and Utility.cpp)

Fix codeql issues (Main.cpp and Utility.cpp) #28

name: CodeQL Analysis
on:
push:
branches: ["main", "releases/**"]
paths-ignore:
- "*.md"
- "**/docs"
pull_request:
branches: ["main", "releases/**"]
paths-ignore:
- "*.md"
- "**/docs"
jobs:
sdl_compliance:
name: Running SDL Compliance Policy checks (CodeQL)
runs-on: windows-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
matrix:
include:
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
# Analyzes C and C++ code using the commands in `Build C and C++ code`
- language: "cpp"
build-mode: manual # Or autobuild
build-config: Release
build-platform: x64
env:
BuildConfiguration: Release
SolutionPath: 'LogMonitor\LogMonitor.sln'
CodeQLResultsDir: "../codeql-results"
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
# https://github.com/marketplace/actions/setup-msbuild#specifying-msbuild-architecture-optional
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v2
with:
msbuild-architecture: ${{ matrix.build-platform }} # Default is x86. Options are x86, x64, and arm64
- name: Check solution path
run: |
if (-not (Test-Path -Path "${{ env.SolutionPath }}" -ErrorAction Continue)) {
Throw "Invalid solution path: ${{ env.SolutionPath }}"
}
Write-Host "Current dir: $PWD"
Write-Host "Solution path: ${{ env.SolutionPath }}"
Get-ChildItem "${{ env.SolutionPath }}" -ErrorAction Continue
# https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning
# https://github.com/github/codeql-action/blob/main/init/action.yml
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: security-and-quality # Default is "security-extended"
build-mode: ${{ matrix.build-mode }}
# https://learn.microsoft.com/en-us/visualstudio/msbuild/msbuild-command-line-reference?view=vs-2022#arguments
- name: Build LogMonitor
run: |
msbuild.exe "${{ env.SolutionPath }}" /t:clean
msbuild.exe "${{ env.SolutionPath }}" /p:platform="${{ matrix.build-platform }}" /p:configuration="${{ env.BuildConfiguration }}"
# https://github.com/github/codeql-action/blob/main/analyze/action.yml
# Performs code analysis and uploads results to provided output path.
# We therefore do not need to use github/codeql-action/upload-sarif@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
# The path of the directory in which to save the SARIF results (../results/cpp.sarif)
output: ${{ env.CodeQLResultsDir }}
upload: "always" # Options: 'always', 'failure-only', 'never'