Adds a new GitHub workflow that allows CodeQL to run against platform
builds. Previously, only a "CI" CodeQL workflow existed
(.sync\workflows\leaf\codeql.yml) that did not support platform
builders.
The CodeQL platform workflow is agnostic to specific platform details.
It works by discovering all buildable platforms in a repo before any
dependencies are cloned and then verifying the build files in the
platform package directory support platform build. If they do, it is
checked if they support CodeQL. Only platforms that meet all of these
conditions are actually built via a dynamic platform package matrix.
This allows the workflow to scale across platform repos and
automatically pick up new platforms as they onboard support for
CodeQL.
Tested in mu_tiano_platforms.
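An added sketch of the discovery step the description outlines (illustrative code written for this page, not the workflow's or Project Mu's own). It assumes two hypothetical conventions: each platform package directory holds a `PlatformBuild.py` build file, and CodeQL support is declared by a `CODEQL_SUPPORTED` marker line inside it; the real repo checks will differ.

```python
"""Discover platform packages a CodeQL workflow can build and emit a
GitHub Actions matrix. Added example; assumed conventions are marked."""
import json
import os
from pathlib import Path

BUILD_FILE = "PlatformBuild.py"     # assumed per-platform build file name
CODEQL_MARKER = "CODEQL_SUPPORTED"  # assumed opt-in marker inside that file


def supports_platform_build(pkg: Path) -> bool:
    """A directory is a buildable platform if it carries the build file."""
    return (pkg / BUILD_FILE).is_file()


def supports_codeql(pkg: Path) -> bool:
    """Only platforms that explicitly opt in are scanned by CodeQL."""
    text = (pkg / BUILD_FILE).read_text(encoding="utf-8", errors="replace")
    return any(ln.strip().startswith(CODEQL_MARKER) for ln in text.splitlines())


def discover_platforms(repo_root: Path) -> list[str]:
    """Sorted names of packages meeting both conditions. Runs before any
    dependency is cloned, so only this repository's own tree is scanned."""
    return [
        pkg.name
        for pkg in sorted(p for p in repo_root.iterdir() if p.is_dir())
        if supports_platform_build(pkg) and supports_codeql(pkg)
    ]


def build_matrix(platforms: list[str]) -> dict:
    """Shape for `strategy.matrix: ${{ fromJSON(needs.discover.outputs.matrix) }}`.
    An empty include list fails the consuming job, so callers should gate
    that job on `count` instead of running it with no platforms."""
    return {"include": [{"package": name} for name in platforms]}


def write_github_output(platforms: list[str]) -> None:
    """Publish matrix and count as job outputs; GITHUB_OUTPUT is set by the runner."""
    lines = (f"matrix={json.dumps(build_matrix(platforms))}\n"
             f"count={len(platforms)}\n")
    out = os.environ.get("GITHUB_OUTPUT")
    if out:
        with open(out, "a", encoding="utf-8") as fh:
            fh.write(lines)
    else:
        print(lines, end="")


if __name__ == "__main__":
    write_github_output(discover_platforms(Path.cwd()))
```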