Adds a new workflow that is synced to Mu repos that are currently expected to run against CodeQL.
This workflow has the following features to support maintainability across the repos it is synced to:
- The packages are auto discovered and a dynamic matrix is generated for each package build. This allows the same file to work as-is in each repo that performs CI builds (packages are in the repo root directory).
- The Mu Basecore plugin directory is auto discovered in the workspace based on the presence of the CodeQL plugin being present in the directory.
- The operations supported by the Stuart CI script are dynamically discovered.
- CodeQL is only run on Windows agents. There is a known issue when building edk2-style code on Linux so this avoids encountering that issue.
  See: https://github.com/github/codeql-action/issues/1338
- The Windows CodeQL CLI package is about 260MB at this time. The GitHub Action cache is used by this workflow to cache the CLI after it is initially pulled down in the Stuart ext dep update.
- The CLI ext dep directory name and version used for caching are read from the ext_dep YAML file to reduce maintenance needed in the workflow if the file changes in the future.
Note that the SARIF file for each run is uploaded as a per-package artifact. These can be downloaded and opened in VS Code with the SARIF Viewer extension to view issues locally with the ability to click to issue locations in files.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
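
The discovery steps described in the commit message, sketched as an added example (this is not the workflow's own code): it builds the per-package matrix from the repo root, locates the plugin directory via its CodeQL plugin, and derives a cache path and key from the ext_dep file. Assumptions: a package is a root-level `*Pkg` directory containing a `.dec` file, the ext dep unpacks into `<name>_extdep`, the file names and key format are hypothetical, and a flat `key: value` reader stands in for a YAML library.

```python
import json, tempfile
from pathlib import Path

def discover_packages(root: Path) -> list[str]:
    # Assumption: a package is a root-level "*Pkg" directory holding a .dec file.
    return sorted(d.name for d in root.iterdir()
                  if d.is_dir() and d.name.endswith("Pkg") and any(d.glob("*.dec")))

def find_plugin_dir(workspace: Path):
    # The plugin directory is the parent of the first directory named "CodeQL".
    hits = sorted(p for p in workspace.rglob("CodeQL") if p.is_dir())
    return hits[0].parent if hits else None

def read_ext_dep(path: Path) -> dict[str, str]:
    # Minimal reader for flat "key: value" lines; nested YAML is not handled.
    fields = {}
    for raw in path.read_text().splitlines():
        key, sep, value = raw.split("#", 1)[0].partition(":")
        if sep:
            fields[key.strip()] = value.strip().strip("\"'")
    return fields

def plan(workspace: Path, ext_dep_file: str) -> dict[str, str]:
    plugin_dir = find_plugin_dir(workspace)
    if plugin_dir is None:
        raise FileNotFoundError("no CodeQL plugin directory in workspace")
    dep = read_ext_dep(plugin_dir / "CodeQL" / ext_dep_file)
    # Assumption: the ext dep unpacks into "<name>_extdep" beside its YAML file.
    cli_dir = plugin_dir / "CodeQL" / f"{dep['name']}_extdep"
    return {
        "matrix": json.dumps({"package": discover_packages(workspace)}),
        "cache_path": cli_dir.relative_to(workspace).as_posix(),
        "cache_key": f"codeql-cli-{dep['name']}-{dep['version']}",
    }

def demo() -> dict[str, str]:
    # Constructed workspace: two packages, one unrelated directory, one plugin tree.
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        for pkg in ("AlphaPkg", "BetaPkg"):
            (ws / pkg).mkdir()
            (ws / pkg / f"{pkg}.dec").touch()
        (ws / "Docs").mkdir()
        codeql = ws / "sample_basecore" / "Plugin" / "CodeQL"
        codeql.mkdir(parents=True)
        (codeql / "cli_ext_dep.yaml").write_text("name: sample_cli\nversion: 0.0.0\n")
        return plan(ws, "cli_ext_dep.yaml")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because the version is part of the cache key, a version bump in the ext_dep file invalidates the cached CLI without any edit to the workflow.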