CodeQL No-Build Analysis #3
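# CodeQL analysis without a build step (build-mode: none) for Python, GitHub
# Actions workflows and C/C++. Arduino sketches (.ino) are not C/C++ source as
# far as the extractor is concerned, so for the cpp job they are copied to .cpp
# files with an extra first line before analysis, and the resulting SARIF is
# rewritten afterwards so findings point back at the original .ino files.
name: CodeQL No-Build Analysis

on:
  workflow_dispatch:
  schedule:
    - cron: "0 4 * * SUN"
  pull_request:
    # In a paths filter `*` does not match `/`, so a bare "*.py" only matches
    # files in the repository root. "**/" extends each pattern to every
    # directory, so a pull request touching nested sources (or a workflow under
    # .github/workflows) is not silently left unscanned.
    paths:
      - "**/*.py"
      - "**/*.yml"
      - "**/*.c"
      - "**/*.h"
      - "**/*.cpp"
      - "**/*.hpp"
      - "**/*.ino"

# Least privilege for GITHUB_TOKEN: without this block the job inherits the
# repository/organisation default, which may be broader than needed.
permissions:
  # Checkout of the repository.
  contents: read
  # Upload of SARIF results to code scanning.
  security-events: write
  # Read access to workflow run metadata, which the CodeQL action documents as
  # required in private repositories.
  actions: read

jobs:
  codeql-analysis:
    name: CodeQL ${{ matrix.language }} Analysis
    runs-on: ubuntu-latest
    strategy:
      matrix:
        language:
          - python
          - actions
          - cpp
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA is expected to correspond to.
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Initialize CodeQL
        uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/codeql-config.yml
          build-mode: none

      - name: Process .ino files
        if: matrix.language == 'cpp'
        run: |
          # Mapping of generated .cpp path -> original .ino path, consumed by
          # the "Process SARIF file" step.
          echo "{}" > renamed_files.json
          # NUL-delimited traversal so paths with spaces or other unusual
          # characters are handled as single entries.
          find . -name "*.ino" -type f -print0 | while IFS= read -r -d '' file; do
            echo "Processing $file"
            # Path relative to the repository root (drops the leading "./")
            rel_path=$(realpath --relative-to=. "$file")
            cpp_path="${rel_path%.ino}.cpp"
            # Do not overwrite a real source file that already has the target
            # name; that would replace code under analysis with the sketch.
            if [ -e "$cpp_path" ]; then
              echo "::warning::Not converting $file because $cpp_path already exists"
              continue
            fi
            # New .cpp file starts with the Arduino.h include. This adds exactly
            # one line in front of the sketch, which is why the SARIF step
            # subtracts 1 from reported line numbers.
            echo "#include <Arduino.h>" > "$cpp_path"
            # Append the original sketch content
            cat "$file" >> "$cpp_path"
            # Record the rename in the mapping file
            jq --arg ino "$rel_path" --arg cpp "$cpp_path" '. += {($cpp): $ino}' renamed_files.json > temp.json && mv temp.json renamed_files.json
            # Remove the original .ino file
            rm "$file"
            echo "Converted $file to $cpp_path"
          done
          echo "Renamed files mapping:"
          cat renamed_files.json

      - name: Run CodeQL Analysis
        uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
        with:
          category: "Analysis: ${{ matrix.language }}"
          output: sarif-results
          # Results are uploaded by the dedicated step below, after the SARIF
          # has been rewritten; here only a failed run is uploaded.
          upload: failure-only

      - name: Process SARIF file
        if: matrix.language == 'cpp'
        env:
          # Passed through the environment rather than expanded inside the
          # script text, so the shell never parses a template-substituted value.
          CODEQL_LANGUAGE: ${{ matrix.language }}
        run: |
          sarif_file="sarif-results/${CODEQL_LANGUAGE}.sarif"
          if [ -f "$sarif_file" ] && [ -f "renamed_files.json" ]; then
            echo "Processing SARIF file: $sarif_file"
            # Read the renamed files mapping
            renamed_files=$(cat renamed_files.json)
            # Keep a copy of the SARIF exactly as CodeQL produced it
            cp "$sarif_file" "${sarif_file}.backup"
            # Map generated .cpp paths back to .ino and shift line numbers up by
            # one to undo the prepended include line.
            # jq has no infix `in` operator, so membership is tested with
            # has(); results whose first location has no string uri are left
            # untouched instead of raising an error.
            # Only .runs[0] and each result's .locations[0] are rewritten.
            jq --argjson renamed "$renamed_files" '
              .runs[0].results |= map(
                .locations[0].physicalLocation.artifactLocation.uri as $uri
                | if ($uri | type) == "string" and ($renamed | has($uri)) then
                    .locations[0].physicalLocation.artifactLocation.uri = $renamed[$uri]
                    | if .locations[0].physicalLocation.region.startLine then
                        .locations[0].physicalLocation.region.startLine = (.locations[0].physicalLocation.region.startLine - 1)
                      else .
                      end
                    | if .locations[0].physicalLocation.region.endLine then
                        .locations[0].physicalLocation.region.endLine = (.locations[0].physicalLocation.region.endLine - 1)
                      else .
                      end
                  else .
                  end
              )
            ' "$sarif_file" > "${sarif_file}.processed"
            # Replace the original SARIF with the processed version
            mv "${sarif_file}.processed" "$sarif_file"
            echo "SARIF file processed successfully"
          else
            echo "SARIF file or renamed files mapping not found, skipping processing"
          fi

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
        with:
          sarif_file: sarif-results/${{ matrix.language }}.sarif
          category: "Analysis: ${{ matrix.language }}"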