Create CodeQL workflow configuration #13598
base: main
Pull request overview
This PR adds a new CodeQL workflow configuration to enable automated security scanning of the repository. The workflow addresses previous build failures by configuring manual build steps for C/C++ code analysis.
Key Changes:
- Added CodeQL Advanced workflow with support for Actions, C/C++, and Python analysis
- Configured manual build mode for C/C++ with explicit autogen, configure, and make steps
- Set up branch patterns to run on main and version branches (v5.0.x onwards), plus weekly scheduled scans
ba53af0 to 1f31b56
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Create a non-default CodeQL workflow because CodeQL cannot build the C code in this repository without knowing how. Hence, take an auto-generated file and update it to include specific steps to autogen, configure, and build the C code. Also scan Python and GitHub Actions, but the default configuration is sufficient for those.
Signed-off-by: Jeff Squyres <[email protected]>
1f31b56 to fd6f33c
@jsquyres Tried porting this to PMIx, but that code requires inclusion of libevent and hwloc. Looked at their pack stuff but can't make sense of how to specifically use it. Any suggestions appreciated! Otherwise, I'll probably just have to ignore it for now. Looks like your yml generated errors as well, though it's funny that the status above indicates "success". Click on their "this overview" link to see that CodeQL analysis actually error'd out.
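For readers who want to see the shape of the configuration the commit message and Copilot summary describe, here is an added example of a CodeQL "advanced" workflow with a manual build for C/C++ and default (`none`) build mode for Actions and Python. It is not the file from this PR: the branch list, cron time, and the exact `autogen.pl` / `configure` / `make` invocations are assumptions.

```yaml
# Added example, not the PR's own workflow; branch names, cron time and the
# build commands below are assumptions.
name: "CodeQL Advanced"
on:
  push:
    branches: [ "main", "v5.0.x" ]
  pull_request:
    branches: [ "main", "v5.0.x" ]
  schedule:
    - cron: "0 3 * * 1"            # weekly scan (time assumed)
permissions:
  contents: read
  security-events: write           # required to upload SARIF results
jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: actions
            build-mode: none
          - language: c-cpp
            build-mode: manual     # CodeQL autobuild cannot drive this tree
          - language: python
            build-mode: none
    steps:
      - uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      # Manual build: CodeQL records the compiler invocations these commands
      # make, so any C source that is not compiled here is not analyzed.
      - name: Build C code
        if: matrix.build-mode == 'manual'
        run: |
          ./autogen.pl
          ./configure
          make -j "$(nproc)"
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Because only code that actually compiles during the manual build step is extracted for C/C++, a build that exits early without failing the job leaves part of the tree unscanned, which is worth checking in the run's analysis summary rather than trusting the check status alone.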