Re: [PATCH 1/2] codeql: add support for analyzing C, Python and Go
On 25/02/2022 15:19, Roger Pau Monne wrote:
> Introduce CodeQL support for Xen and analyze the C, Python and Go
> files.
>
> Note that when analyzing Python or Go we avoid building the hypervisor
> and only build the tools.
>
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> TBD: there's no limit in the number of scans here unlike Coverity, but
> each takes github minutes and we are limited to 2000 per month IIRC.
> We might want to not perform a scan for each push.

We don't push very often, and github is slower at noticing anyway, so I
think we ought to be fine. We can always revisit the decision if we do
end up hitting limits.

> TBD: should we also disable the shim build? I'm not sure there's much
> value in analyzing it.

Shim's logic is quite different in areas. I'd say it's worth keeping.

> ---
> .github/workflows/codeql.yml | 59 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 59 insertions(+)
> create mode 100644 .github/workflows/codeql.yml
>
> diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
> new file mode 100644
> index 0000000000..5bfe478983
> --- /dev/null
> +++ b/.github/workflows/codeql.yml
> @@ -0,0 +1,59 @@ > +name: CodeQL As a thought... As we're considering doing cross-arm checks, should we use an x86 suffix here ? > + > +on: > + workflow_dispatch: > + push: > + branches: [staging] > + schedule: > + - cron: '18 10 * * WED,SUN' # Bi-weekly at 10:18 UTC > + > +jobs: > + analyse: > + > + strategy: > + matrix: > + language: [ 'cpp', 'python', 'go' ] > + > + runs-on: ubuntu-latest > + > + steps: > + - name: Install build dependencies > + run: | > + sudo apt-get install -y wget git \ > + libbz2-dev build-essential \ > + zlib1g-dev libncurses5-dev iasl \ > + libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \ > + autoconf libtool liblzma-dev \ > + python3-dev golang python-dev libsystemd-dev > + > + - uses: actions/checkout@v2 > + with: > + ref: staging This one doesn't want to be forced to staging. The github integration does work properly with different branches. Importantly, it will allow anyone with a fork of Xen to use the workflow_dispatch UI to do a one-off run on any branch. ~Andrew
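Review bot: the "Install build dependencies" step runs `sudo apt-get install -y ...` without a preceding `sudo apt-get update`, so it relies on the runner image's package lists still being current, and `libbz2-dev` is listed twice in that package list; add the update step and drop the duplicate. Two smaller points in the same hunk: `strategy.matrix` sets no `fail-fast: false`, so a failure in one of the three language jobs cancels the other two before they report, and `actions/checkout@v2` is pinned to a mutable tag rather than a commit SHA, which is the usual hardening for a third-party action in a workflow that runs on every push to staging. The cron comment says "Bi-weekly", but `18 10 * * WED,SUN` fires twice a week.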