trying again. #1065
Workflow file for this run
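name: CodeQL (daily)

# Triggers: nightly at 01:30 UTC, manual dispatch, and every push to any branch.
on:
  schedule:
    - cron: '30 1 * * *'
  workflow_dispatch:
  push:
    branches:
      - '**'

# NOTE(review): every `uses:` below references a mutable tag (@v4, @v3, @v1).
# Pinning each action to a full commit SHA, especially the ones not maintained
# by GitHub, keeps a retagged release from changing what runs in jobs that hold
# `security-events: write`.
jobs:
  # ===== Java Analysis Job =====
  analyze-java:
    name: "Analyze Java Code"
    # Job-scoped token permissions; `security-events: write` is what allows the
    # analyze step to upload code-scanning results.
    permissions:
      actions: read
      security-events: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Java 17
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: 17
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: java
      - name: Build Java code
        # Skip build cache for full code analysis: CodeQL only records the
        # compilations that actually execute between init and analyze.
        run: ./gradlew assemble --no-build-cache
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: java

  # ===== C++ Analysis Job =====
  analyze-cpp:
    name: "Analyze C++ Code"
    permissions:
      actions: read
      security-events: write
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Java 17 (required for JNI compilation)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: 17
      - name: Setup Visual Studio Build Tools
        uses: microsoft/setup-msbuild@v1
      - name: Set up Windows SDK
        uses: ilammy/msvc-dev-cmd@v1
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp
          # NOTE(review): debug mode uploads CodeQL debug artifacts for the run;
          # useful while diagnosing extraction, worth dropping once it is stable.
          debug: true
          config-file: .github/codeql-config.yml
      - name: Build C++ code
        shell: powershell
        id: build-cpp
        run: |
          # Set required environment variables
          $env:APPINSIGHTS_WIN10_SDK_PATH = "C:\Program Files (x86)\Windows Kits\10"
          $env:APPINSIGHTS_VS_PATH = $env:VsInstallRoot
          $env:JAVA_HOME = $env:JAVA_HOME_17_X64

          # Explicitly define which C++ file we're interested in
          $sourceDir = "etw/native/src/main/cpp"
          $headerDir = "etw/native/src/main/headers"
          $cppFile = "$sourceDir/etw_provider.cpp"
          Write-Host "Analyzing C++ file: $cppFile"

          # Create compile_commands.json for CodeQL to use
          # NOTE(review): CodeQL builds its C/C++ database from the compiler
          # invocations it observes during this step. As far as this workflow
          # shows, nothing consumes compile_commands.json, and the only file
          # handed to cl.exe below is codeql_trigger.cpp. etw_provider.cpp is
          # therefore probably not in the database, so a clean scan says little
          # about it. Confirm against the debug artifacts, and compile $cppFile
          # here if it is missing.
          # NOTE(review): the include path hard-codes SDK 10.0.22621.0, which
          # `windows-latest` is not guaranteed to keep installed.
          $compileCommandsJson = @"
          [
            {
              "directory": "${PWD}/$sourceDir",
              "command": "cl.exe /W4 /EHsc /sdl /std:c++14 /I\"${env:APPINSIGHTS_WIN10_SDK_PATH}/include/10.0.22621.0/um\" /I\"${env:JAVA_HOME}/include\" /I\"${env:JAVA_HOME}/include/win32\" /I\"${PWD}/$headerDir\" /c $cppFile",
              "file": "$cppFile"
            }
          ]
          "@
          $compileCommandsFile = "compile_commands.json"
          Write-Host "Creating $compileCommandsFile..."
          Set-Content -Path $compileCommandsFile -Value $compileCommandsJson

          # Create a simple C++ file in the same directory to ensure the compiler is called
          $simpleCode = @"
          // Simple file to ensure compiler is run
          #include <windows.h>
          #include "etw_provider.h"
          int main() { return 0; }
          "@
          Set-Content -Path "codeql_trigger.cpp" -Value $simpleCode

          # Use a try/catch block to handle errors without failing the job
          try {
            # List files for debugging
            Write-Host "C++ files that will be analyzed:"
            Get-ChildItem -Path $sourceDir -Recurse -Include "*.cpp" | ForEach-Object {
              Write-Host " $($_.FullName)"
            }
            Get-ChildItem -Path $headerDir -Recurse -Include "*.h" | ForEach-Object {
              Write-Host " $($_.FullName)"
            }

            # Try a minimal compile to help CodeQL recognize the files
            Write-Host "Running minimal compile..."
            & cl.exe /c codeql_trigger.cpp /I"$headerDir" /I"$sourceDir" /EHsc
            # A native command that exits non-zero does not raise a PowerShell
            # exception, so without this check the catch block never sees a
            # compiler failure and the success flag is written regardless.
            if ($LASTEXITCODE -ne 0) {
              throw "cl.exe exited with code $LASTEXITCODE"
            }

            Write-Host "C++ preparation completed successfully"
            # Windows PowerShell (shell: powershell) does not write UTF-8 by
            # default; GITHUB_ENV must be appended to as UTF-8 to be parsed.
            echo "CPP_BUILD_SUCCEEDED=true" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
          }
          catch {
            Write-Host "Warning: C++ build step encountered an error: $_"
            Write-Host "Proceeding with CodeQL analysis anyway"
            echo "CPP_BUILD_SUCCEEDED=false" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
            # The runner ends the step with the last native exit code; clear it
            # so the handled failure does not fail the step after all.
            $global:LASTEXITCODE = 0
          }
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: cpp
      - name: Report C++ build status
        # Surfaces a handled build failure as a warning annotation, so a scan
        # that ran on an incomplete build is not mistaken for full coverage.
        if: env.CPP_BUILD_SUCCEEDED == 'false'
        run: |
          echo "::warning::C++ build failed but CodeQL scan was attempted anyway. Some C++ issues may not be detected."

  # Calls the repository's reusable notification workflow with the combined
  # result of both analysis jobs; `if: always()` makes it run even when one fails.
  scheduled-job-notification:
    permissions:
      issues: write
    needs:
      - analyze-java
      - analyze-cpp
    if: always()
    uses: ./.github/workflows/reusable-scheduled-job-notification.yml
    with:
      success: ${{ needs.analyze-java.result == 'success' && needs.analyze-cpp.result == 'success' }}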