[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] codeql: add support for analyzing C, Python and Go
- To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Mon, 21 Mar 2022 10:54:43 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YGxpGz/5jcyAmpgTvIgBZY79YADEvb/wm6QO7uVsn7M=; b=ecQtAYj+aHDpyGbpUvXV9gLFlzdV4qJn5VKoi5A9cVxtuwwftm28TrCKFVb64u0qPgW5PyYuN1bPVMH8wrTOjnCHGoJIt/h6GNHMiAgL45axjkeQsjr2f98cRS3jDVcp9ZaO/qIH0c4LqOgTB6Htw3gKC10fbqgDlEwUFnEjIiUhdkZl0MPk86c8t7BVu44SFSf065L7tPT51x+MZhOtgeaRK9Mu98tmTKy3NIzYopK/2vTq07f8Qu9u3bDCBlEiPkb9hRZ0KoQntw8HQ98/t7xGlxUSb/T/UQl3MXA8TkY5e0kQTageyhdAgNMuDb+dykM4Mxk1La9t0rdZCRJ30w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TmfN7bjtk9km6m1J8ytupsC7yFC0PIZw753RMPHVRjyDW+ChsvBHh22jMqN6sozhjZyw9DzhjETIMZFMEbLB+YhV4XRWjJaw3uwBtw4puduPGqSeKHNHuoBlGC2jtyBDgFZvMvyHoxjm3V+483CxkDyzNpNdMcSNYR/DkHgMkyxqaBASd3/3wwwk2FBUE1iVC6Ii3hTGW9iq5dz1iJetlc5G6AYnB9POVNhKEZZLwhCoVZP0OfmWXCfkNaZVmb1Liqy947XTA2g2A/+gSMielKhzLjeGTwO8M8pBwiwptnKgyEBX/Rn34WZz1V80+5IMmJ2SA+q9bjKuCJXd0Jl0dA==
- Authentication-results: esa1.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Mon, 21 Mar 2022 09:55:05 +0000
- Ironport-data: A9a23:4ImSfaCbPYFy/RVW/wLjw5YqxClBgxIJ4kV8jS/XYbTApDJ23zUFy mAWWTiPPfqMZWqkeo8gYdzn9hgPv8KDmoNhQQY4rX1jcSlH+JHPbTi7wuYcHM8wwunrFh8PA xA2M4GYRCwMZiaA4E/raNANlFEkvU2ybuOU5NXsZ2YgHWeIdA970Ug5w7Vj29Yx6TSEK1jlV e3a8pW31GCNg1aYAkpMg05UgEoy1BhakGpwUm0WPZinjneH/5UmJMt3yZWKB2n5WuFp8tuSH I4v+l0bElTxpH/BAvv9+lryn9ZjrrT6ZWBigVIOM0Sub4QrSoXfHc/XOdJFAXq7hQllkPhT+ dNftZOvQj4bAZDtlOMxTEgFLyBHaPguFL/veRBTsOSWxkzCNXDt3+9vHAc9OohwFuRfWD8Us 6ZCcXZUM07F17neLLGTE4GAguw5K8bmJsUHs2xIxjDFF/c2B5vERs0m4PcGg25s2Z0XQ54yY eJBRSVLYkueTiZUFUlJKqkvseC0gmDWJmgwRFW9+vNsvjm7IBZK+KP2LNPfd9iORMNUtkWVv GTL+yL+GB5yHMOb4SqI9DSrnOCntSHmXIMfEpWo+/gsh0ecrkQDBRtTWValrP2Rjk+lR8kZO 0ES4jApr6U56AqsVNaVdx+yrWOAvxUcc8FNCOB84waIopc4+C7AWDJCFGQYLoV76olmHlTGy 2NlgfvLNDp9sLKKQkuvyYq1oTSeJnlIEW47MHpsoRQ+3/Hvp4Q6jxTqR9llEbKogtCdJQwc0 wxmvwBl2exN0JdjO7GTuAme3mny/sShohsdvF2/Y46z0u9uiGdJjaSM4EOT0/tPJZ3xorKp7 CldwJj2AAzj4PiweM2xrAclQerBCxWtamS0bbtT834JrWjFxpJbVdoMiAyS3W8wWir+RRfnY VXIpSRa74JJMX2hYMdfOtztVJRzlfG5RY2+B5g4i+aihbArKWe6ENxGPxbMjwgBbmBy+U3AB XtrWZn1VitLYUiW5DG3W/0cwdcWKtMWngvuqWTA503/i9K2PSfNIZ9caQfmRr1pvcus/VSOm /4CZpTi9vmqeLCnCsUh2dVIdg5iwLlSLc2elvG7gcbYe1s4Qj59U6GNqV7jEqQ895loei7z1 ijVcmdTyUblhG2BLgOPa3t5b6joU4o5pnU+VRHA937xs5T/Se5DNJsiSqY=
- Ironport-hdrordr: A9a23:Vj/Zk6BEQZnPrz7lHehOsceALOsnbusQ8zAXPh9KJiC9I/b1qy nxppkmPH/P6Qr4WBkb6Le90Y27MAnhHPlOkPQs1NaZLXLbUQ6TQr2KgrGSoQEIdxeOk9K1kJ 0QD5SWa+eAfGSS7/yKmTVQeuxIqLLskNHKuQ6d9QYUcegDUdAf0+4TMHf8LqQZfngjOXJvf6 Dsmfav6gDQMUg/X4CePD0oTuLDr9rEmNbPZgMHPQcu7E2rgSmz4LD3PhCE1lNGOgk/i4sKwC zgqUjU96+ju/a0xlv10HLS1Y1fnJ/ExsFYDMKBp8AJInHHixquZq5mR7qe1QpF692H2RIPqp 3hsh0gN8N85zf4eXy0mwLk303a3DMn+xbZuCilqEqmhfa8aCMxCsJHi44cWADe8VAcsNZ117 8O936FtrJMZCmw0xjV1pztbVVHh0C0qX0tnao4lHpES7YTb7dXsMg24F5VKpEdByj3gbpXXN WGNPuspcq+TGnqL0ww5gJUsZ+RtzUIb1q7q3E5y4KoO2M8pgE686MarPZv6kvouqhNDqWs3N 60QZiApIs+PvP+UpgNdtvpYfHHfFAlEii8eV57HzzcZdQ60jT22trK3Ik=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Ping?
On Mon, Mar 07, 2022 at 05:45:52PM +0100, Roger Pau Monne wrote:
> Introduce CodeQL support for Xen and analyze the C, Python and Go
> files.
>
> Note than when analyzing Python or Go we avoid building the hypervisor
> and only build the tools.
>
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Changes since v1:
> - Rename to note it's x86 specific right now.
> - Merge the ignored path patch.
> ---
> It's my understanding that we need to force the checkout action to
> fetch 'staging' branch, or else for the scheduled runs we would end up
> picking the current default branch (master).
>
> Maybe we want to remove the scheduled action and just rely on pushes
> and manually triggered workflows?
> ---
> .github/codeql/codeql-config.yml | 3 ++
> .github/workflows/codeql-x86.yml | 60 ++++++++++++++++++++++++++++++++
> 2 files changed, 63 insertions(+)
> create mode 100644 .github/codeql/codeql-config.yml
> create mode 100644 .github/workflows/codeql-x86.yml
>
> diff --git a/.github/codeql/codeql-config.yml
> b/.github/codeql/codeql-config.yml
> new file mode 100644
> index 0000000000..721640c2a5
> --- /dev/null
> +++ b/.github/codeql/codeql-config.yml
> @@ -0,0 +1,3 @@
> +paths-ignore:
> + - xen/tools/kconfig
> + - tools/firmware/xen-dir/xen-root/xen/tools/kconfig
> diff --git a/.github/workflows/codeql-x86.yml
> b/.github/workflows/codeql-x86.yml
> new file mode 100644
> index 0000000000..a3ec6236c4
> --- /dev/null
> +++ b/.github/workflows/codeql-x86.yml
> @@ -0,0 +1,60 @@
> +name: CodeQL x86
> +
> +on:
> + workflow_dispatch:
> + push:
> + branches: [staging]
> + schedule:
> + - cron: '18 10 * * WED,SUN' # Bi-weekly at 10:18 UTC
> +
> +jobs:
> + analyse:
> +
> + strategy:
> + matrix:
> + language: [ 'cpp', 'python', 'go' ]
> +
> + runs-on: ubuntu-latest
> +
> + steps:
> + - name: Install build dependencies
> + run: |
> + sudo apt-get install -y wget git \
> + libbz2-dev build-essential \
> + zlib1g-dev libncurses5-dev iasl \
> + libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \
> + autoconf libtool liblzma-dev \
> + python3-dev golang python-dev libsystemd-dev
> +
> + - uses: actions/checkout@v2
> + with:
> + ref: staging
> +
> + - name: Configure Xen
> + run: |
> + ./configure --with-system-qemu=/bin/true \
> + --with-system-seabios=/bin/true \
> + --with-system-ovmf=/bin/true
> +
> + - name: Pre build stuff
> + run: |
> + make -j`nproc` mini-os-dir
> +
> + - uses: github/codeql-action/init@v1
> + with:
> + config-file: ./.github/codeql/codeql-config.yml
> + languages: ${{matrix.language}}
> + queries: security-and-quality
> +
> + - if: matrix.language == 'cpp'
> + name: Full Build
> + run: |
> + make -j`nproc` build-xen build-tools
> + make -j`nproc` -C extras/mini-os/
> +
> + - if: matrix.language == 'python' || matrix.language == 'go'
> + name: Tools Build
> + run: |
> + make -j`nproc` build-tools
> +
> + - uses: github/codeql-action/analyze@v1
> --
> 2.34.1
>
|