@@ -227,8 +227,26 @@ jobs:
227227 uses : github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
228228 if : ${{ env.RUN_CODEQL }}
229229 with :
230- check_name : " Arduino Linux"
231- category : " Chunk ${{ matrix.chunk }}"
230+ category : " Arduino Linux Chunk ${{ matrix.chunk }}"
231+ output : sarif-results
232+ upload : failure-only
233+
234+ - name : Filter CodeQL Results
235+ uses : advanced-security/filter-sarif@v1
236+ if : ${{ env.RUN_CODEQL }}
237+ with :
238+ patterns : |
239+ +**/*
240+ -tools/**
241+ input : sarif-results/cpp.sarif
242+ output : sarif-results/cpp.sarif
243+
244+ - name : Upload filtered SARIF
245+ uses : github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
246+ if : ${{ env.RUN_CODEQL }}
247+ with :
248+ sarif_file : sarif-results/cpp.sarif
249+ category : " Arduino Linux Chunk ${{ matrix.chunk }}"
232250
233251 # Upload cli compile json as artifact
234252 - name : Upload cli compile json
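Review bot: The new `advanced-security/filter-sarif@v1` step (new line 235, repeated at new lines 296 and 376) is referenced by a mutable tag, while every other action in these hunks is pinned to a full commit SHA with the version in a trailing comment. This step rewrites the SARIF that is then uploaded to code scanning, so a retargeted tag could alter or suppress the findings that get reported. Pin it the same way, for example `uses: advanced-security/filter-sarif@<full-commit-sha> # v1.x.y`, taking the SHA from a release you have reviewed. A one-line comment above `-tools/**` stating why that directory is excluded would also help, because findings under it are dropped without any trace in the uploaded results.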
@@ -270,8 +288,26 @@ jobs:
270288 uses : github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
271289 if : ${{ env.RUN_CODEQL }}
272290 with :
273- check_name : " Arduino Windows/MacOS"
274- category : " ${{ matrix.os }}"
291+ category : " Arduino ${{ matrix.os }}"
292+ output : sarif-results
293+ upload : failure-only
294+
295+ - name : Filter CodeQL Results
296+ uses : advanced-security/filter-sarif@v1
297+ if : ${{ env.RUN_CODEQL }}
298+ with :
299+ patterns : |
300+ +**/*
301+ -tools/**
302+ input : sarif-results/cpp.sarif
303+ output : sarif-results/cpp.sarif
304+
305+ - name : Upload filtered SARIF
306+ uses : github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
307+ if : ${{ env.RUN_CODEQL }}
308+ with :
309+ sarif_file : sarif-results/cpp.sarif
310+ category : " Arduino ${{ matrix.os }}"
275311
276312 build-esp-idf-component :
277313 name : Build with ESP-IDF ${{ matrix.idf_ver }} for ${{ matrix.idf_target }}
@@ -311,6 +347,15 @@ jobs:
311347 - name : Setup jq
312348 uses : dcarbone/install-jq-action@e397bd87438d72198f81efd21f876461183d383a # v3.0.1
313349
350+ - name : Initialize CodeQL
351+ uses : github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
352+ if : ${{ env.RUN_CODEQL }}
353+ with :
354+ languages : cpp
355+ build-mode : manual
356+ source-root : components/arduino-esp32
357+ config-file : ./components/arduino-esp32/.github/codeql/codeql-config.yml
358+
314359 - name : Build
315360 env :
316361 IDF_TARGET : ${{ matrix.idf_target }}
@@ -319,6 +364,31 @@ jobs:
319364 chmod a+x ./components/arduino-esp32/.github/scripts/*
320365 ./components/arduino-esp32/.github/scripts/on-push-idf.sh
321366
367+ - name : Run CodeQL Analysis
368+ uses : github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
369+ if : ${{ env.RUN_CODEQL }}
370+ with :
371+ category : " Arduino as IDF Component for ${{ matrix.idf_target }}"
372+ output : sarif-results
373+ upload : failure-only
374+
375+ - name : Filter CodeQL Results
376+ uses : advanced-security/filter-sarif@v1
377+ if : ${{ env.RUN_CODEQL }}
378+ with :
379+ patterns : |
380+ +**/*
381+ -tools/**
382+ input : sarif-results/cpp.sarif
383+ output : sarif-results/cpp.sarif
384+
385+ - name : Upload filtered SARIF
386+ uses : github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
387+ if : ${{ env.RUN_CODEQL }}
388+ with :
389+ sarif_file : sarif-results/cpp.sarif
390+ category : " Arduino as IDF Component for ${{ matrix.idf_target }}"
391+
322392 - name : Upload generated sdkconfig files for debugging
323393 uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
324394 if : always()
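Review bot: The category on new lines 371 and 389 is built from `matrix.idf_target` only, while the job name on new line 313 shows the matrix also varies `idf_ver`. Code scanning replaces an earlier upload for the same commit, tool and category, so if more than one IDF version runs per target, only one version's filtered results would remain visible. Including the version keeps them apart: `category: "Arduino as IDF Component for ${{ matrix.idf_ver }} ${{ matrix.idf_target }}"`. The matrix definition and the place where RUN_CODEQL is set are outside this hunk, so confirm whether the analysis is enabled for more than one version.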