Azure / iot-identity-service

Source of the Azure IoT Identity Service and related services.
MIT License

Enable CodeQL in this repo #537

Closed damonbarry closed 1 year ago

damonbarry commented 1 year ago

CodeQL detects one C# file and four C files in this repository and wants to run analysis on them. This PR enables CodeQL analysis.

For the C code, since CodeQL's autobuild can't figure out our Rust-based build, I added a custom pipeline. I adapted the YAML that GitHub generates for advanced code scanning.

For C#, the single file in this repo is not production code--it's meant to be run inside an Azure Function during a test--so building it in the new pipeline isn't worth the effort. Instead, I changed the extension on the file. Hopefully CodeQL will pass over it.

github-advanced-security[bot] commented 1 year ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

arsing commented 1 year ago

Your troubles with needing to install the deps manually are because you're building outside a container. Why are you doing that? Is it because the make needs to be done in the same "context" as where the github/codeql-action/init runs?

If so, I suggest:

Step 1: github/codeql-action/init@v2

Step 2: run: sudo bash -c '. install-build-deps.sh; make'

Step 3: github/codeql-action/analyze@v2
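The three steps above written out as a complete GitHub Actions workflow. This is an added example for illustration, not the PR's own YAML: the workflow file name, trigger branches, checkout action version, permissions block and the `cpp` language id are assumptions; `install-build-deps.sh` and the two codeql-action steps come from the discussion.

```yaml
# .github/workflows/codeql.yml (assumed path, example only)
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read
  security-events: write   # required to upload the analysis results to code scanning

jobs:
  analyze-c:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # Step 1: initialize CodeQL first. The init step installs a build tracer
      # that must be active when the C sources are compiled; a build that runs
      # in another job or container would not be observed, which is why the
      # make below has to run in this same job.
      - uses: github/codeql-action/init@v2
        with:
          languages: cpp   # CodeQL language id covering the repo's C files

      # Step 2: build in the same context. The deps script from the repo is
      # sourced and make is run in one root shell, as suggested above.
      - run: sudo bash -c '. install-build-deps.sh; make'

      # Step 3: finalize the database created during the traced build and
      # run the queries against it.
      - uses: github/codeql-action/analyze@v2
```

If the build is ever moved into a separate container step, the C database will come out empty and the analyze step reports no results for that language, so the job order is the thing to check first when results are missing.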

damonbarry commented 1 year ago

Is it because the make needs to be done in the same "context" as where the github/codeql-action/init runs?

Yes, exactly. Thanks, I'll use your suggestion.

damonbarry commented 1 year ago

@arsing got it working. It would be great if you could review.