@@ -110,7 +110,7 @@ jobs:
110110 # to avoid scanning 3rdparty codebases, initialize it just before building qbt
111111 - name : Initialize CodeQL
112112 uses : github/codeql-action/init@v4
113- if : startsWith(matrix.libtorrent.version, 2) && (matrix.qbt_gui == 'GUI=ON')
113+ if : startsWith(matrix.libtorrent.version, 2.0 ) && (matrix.qbt_gui == 'GUI=ON')
114114 with :
115115 config-file : ./.github/workflows/helper/codeql/cpp.yaml
116116 languages : cpp
@@ -141,9 +141,27 @@ jobs:
141141
142142 - name : Run CodeQL analysis
143143 uses : github/codeql-action/analyze@v4
144- if : startsWith(matrix.libtorrent.version, 2) && (matrix.qbt_gui == 'GUI=ON')
144+ if : startsWith(matrix.libtorrent.version, 2.0 ) && (matrix.qbt_gui == 'GUI=ON')
145145 with :
146- category : ${{ github.base_ref || github.ref_name }}
146+ category : " ${{ github.base_ref || github.ref_name }} lt ${{ matrix.libtorrent.version }}"
147+ output : sarif-results
148+ upload : failure-only
149+
150+ # Filter out results from 3rdparty codebases
151+ - name : Filter CodeQL results
152+ uses : advanced-security/filter-sarif@2da736ff05ef065cb2894ac6892e47b5eac2c3c0 # v1.1
153+ if : startsWith(matrix.libtorrent.version, 2.0) && (matrix.qbt_gui == 'GUI=ON')
154+ with :
155+ patterns : |
156+ -src/base/3rdparty/**
157+ input : sarif-results/cpp.sarif
158+ output : sarif-results/cpp.sarif
159+
160+ - name : Upload CodeQL SARIF
161+ uses : github/codeql-action/upload-sarif@v4
162+ if : startsWith(matrix.libtorrent.version, 2.0) && (matrix.qbt_gui == 'GUI=ON')
163+ with :
164+ sarif_file : sarif-results/cpp.sarif
147165
148166 - name : Prepare build artifacts
149167 run : |
0 commit comments