From 0675209b4d7f380ca24755fe577a8f333208e056 Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Mon, 30 Mar 2026 23:30:29 +0300 Subject: [PATCH 01/11] Update workflow --- .github/workflows/codeql.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 804f33e..1ec97d4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -90,8 +90,3 @@ jobs: uses: github/codeql-action/analyze@v3 with: category: '/language:${{matrix.language}}' - - - name: Upload Results - uses: github/codeql-action/upload-sarif@v3 - with: - category: 'codeql-${{matrix.language}}-${{ matrix.build-mode }}' From 65d94bcebdfa8d6199015d745118e316f9bcaa87 Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Mon, 30 Mar 2026 23:39:52 +0300 Subject: [PATCH 02/11] Update workflow --- .github/workflows/codacy.yml | 3 ++- .github/workflows/msvc.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 87c15e6..21c94f1 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -41,6 +41,7 @@ jobs: # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + continue-on-error: true with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations @@ -59,4 +60,4 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif - category: 'codacy' + category: 'codacy-${{ github.run_id }}' diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index c1244e9..b1274ae 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml 
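Review bot: `continue-on-error: true` on the "Run Codacy Analysis CLI" step hides a crashed or misconfigured scanner, because the job then reports success and the later upload step reads whatever `results.sarif` exists, or none at all. If the aim is only to keep the upload running after a scanner failure, give the step `id: codacy` and add a final step with `if: steps.codacy.outcome == 'failure'` and `run: exit 1`, so the failure still surfaces. The step's `with:` block continues outside the hunk.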
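Review bot: Putting `${{ github.run_id }}` in `category` gives every workflow run its own code-scanning configuration, so a new upload never supersedes the previous one. As far as I know, alerts fixed later then stay open under the old categories and the alert list grows with each run. A stable value per tool and build variant, such as the original `category: 'codacy'`, lets GitHub match analyses across commits. The same applies to `msvc-cpp-${{ github.run_id }}` in msvc.yml in this commit, and to the `run_attempt`, `sha` and `run_id` variants in patches 03 to 06.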
@@ -57,7 +57,7 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} - category: 'msvc-cpp' + category: 'msvc-cpp-${{ github.run_id }}' # Upload SARIF file as an Artifact to download and view # - name: Upload SARIF as an Artifact From 56817e06838809be0ed04c59b61b44b90f42cc7a Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Mon, 30 Mar 2026 23:49:34 +0300 Subject: [PATCH 03/11] Update workflow --- .github/workflows/codacy.yml | 8 ++++++-- .github/workflows/msvc.yml | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 21c94f1..19ff85a 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -38,6 +38,9 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Configure CMake + run: cmake -B build + # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b @@ -57,7 +60,8 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 + if: always() with: sarif_file: results.sarif - category: 'codacy-${{ github.run_id }}' + category: 'codacy-${{ github.run_id }}-${{ github.run_attempt }}' diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index b1274ae..79aee6d 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml 
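Review bot: `github/codeql-action/upload-sarif@v4` in the "Upload SARIF results file" step is referenced by a mutable tag, while the Codacy action in this same file is pinned to a full commit SHA. The upload step presumably runs with `security-events: write` (the permissions block is outside the hunk), so pinning it the same way, `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v4`, keeps a moved tag from changing what executes. The msvc.yml hunk in this commit makes the same `@v3` to `@v4` change and the same applies there.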
@@ -54,10 +54,10 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} - category: 'msvc-cpp-${{ github.run_id }}' + category: 'msvc-cpp-${{ github.run_id }}-${{ github.run_attempt }}' # Upload SARIF file as an Artifact to download and view # - name: Upload SARIF as an Artifact From 43ba066539af7d7cdc679e1b1fe2ddf71f7386ab Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 00:07:01 +0300 Subject: [PATCH 04/11] Update workflow --- .github/workflows/codacy.yml | 4 +++- .github/workflows/msvc.yml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 19ff85a..058104c 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -45,6 +45,8 @@ jobs: - name: Run Codacy Analysis CLI uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b continue-on-error: true + tools: + clang-tidy: false with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations @@ -64,4 +66,4 @@ jobs: if: always() with: sarif_file: results.sarif - category: 'codacy-${{ github.run_id }}-${{ github.run_attempt }}' + category: 'codacy-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.tool }}' diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index 79aee6d..56e137c 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml 
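Review bot: `tools:` is added as a sibling of `uses:` and `continue-on-error:` on the "Run Codacy Analysis CLI" step, but it is not a key that a workflow step accepts, so the workflow is likely to be rejected at validation and the scan will not run at all. Inputs to an action go under `with:`; if the action offers a way to select or exclude tools, the setting belongs there (check the action's `action.yml` for the exact input name). If the intent is only to silence clang-tidy, a repository-level tool configuration is the safer place than the step definition.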
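Review bot: The new `category` ends in `${{ matrix.tool }}`, but no `strategy.matrix` with a `tool` entry is visible in any hunk of this file. If the job has no such matrix, the expression expands to an empty string and the category becomes `codacy-<run_id>-<run_attempt>-`, which adds nothing and keeps the per-run uniqueness problem. Either define the matrix the suffix refers to or drop the suffix.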
@@ -57,7 +57,8 @@ jobs: uses: github/codeql-action/upload-sarif@v4 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} - category: 'msvc-cpp-${{ github.run_id }}-${{ github.run_attempt }}' + # category: 'msvc-cpp-${{ github.run_id }}-${{ github.run_attempt }}' + category: 'msvc-cpp' # Upload SARIF file as an Artifact to download and view # - name: Upload SARIF as an Artifact From fa04087c66765ab4a6ea7a56ecc81d742c3c158a Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 00:14:35 +0300 Subject: [PATCH 05/11] Update workflow --- .clang-tidy | 4 ++++ .github/workflows/codacy.yml | 2 -- .github/workflows/msvc.yml | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 .clang-tidy diff --git a/.clang-tidy b/.clang-tidy new file mode 100644 index 0000000..730eec2 --- /dev/null +++ b/.clang-tidy @@ -0,0 +1,4 @@ +Checks: '-*,readability-*,performance-*' +WarningsAsErrors: '' +HeaderFilterRegex: '.*' +AnalyzeTemporaryDtors: false diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 058104c..221a382 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -45,8 +45,6 @@ jobs: - name: Run Codacy Analysis CLI uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b continue-on-error: true - tools: - clang-tidy: false with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index 56e137c..e464d16 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml 
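Review bot: The new `.clang-tidy` sets `Checks: '-*,readability-*,performance-*'`, which switches off every default check, including the `clang-analyzer-*`, `bugprone-*` and `cert-*` groups. Those are the groups that report memory-safety and undefined-behaviour defects, so the clang-tidy results feeding this security workflow would be style and performance findings only. Consider `Checks: '-*,clang-analyzer-*,bugprone-*,cert-*,readability-*,performance-*'` and suppress individual noisy checks by name. `AnalyzeTemporaryDtors` is, as far as I recall, deprecated and removed in recent clang-tidy releases, so it is worth confirming that the version Codacy runs still accepts it.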
@@ -57,8 +57,8 @@ jobs: uses: github/codeql-action/upload-sarif@v4 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} - # category: 'msvc-cpp-${{ github.run_id }}-${{ github.run_attempt }}' - category: 'msvc-cpp' + category: 'msvc-cpp-${{ github.run_id }}-${{ github.run_attempt }}-${{ github.sha }}' + # Upload SARIF file as an Artifact to download and view # - name: Upload SARIF as an Artifact From 968b4ad2ff9961e54fa7ffa298fe0e7ccd8b38e5 Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 00:28:26 +0300 Subject: [PATCH 06/11] Update workflow --- .github/workflows/codacy.yml | 2 +- .github/workflows/msvc.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 221a382..be647a3 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -64,4 +64,4 @@ jobs: if: always() with: sarif_file: results.sarif - category: 'codacy-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.tool }}' + category: 'codacy-${{ github.run_id }}' diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index e464d16..3ef9588 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -57,7 +57,7 @@ jobs: uses: github/codeql-action/upload-sarif@v4 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} - category: 'msvc-cpp-${{ github.run_id }}-${{ github.run_attempt }}-${{ github.sha }}' + category: 'msvc-cpp-${{ github.run_id }}' # Upload SARIF file as an Artifact to download and view From f43c33287f098c40f24bf47e692269cd27084b31 Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 00:34:19 +0300 Subject: [PATCH 07/11] Update workflow --- .github/workflows/codacy.yml | 6 ++++-- .github/workflows/msvc.yml | 5 ++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index be647a3..d5a9599 100644 --- a/.github/workflows/codacy.yml 
+++ b/.github/workflows/codacy.yml @@ -38,8 +38,10 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Configure CMake - run: cmake -B build + - name: Configure and Build CMake + run: | + cmake -B build + cmake --build build # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index 3ef9588..e6f0fa6 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -39,9 +39,8 @@ jobs: - name: Configure CMake run: cmake -B ${{ env.build }} - # Build is not required unless generated source files are used - # - name: Build CMake - # run: cmake --build ${{ env.build }} + - name: Build CMake + run: cmake --build ${{ env.build }} - name: Initialize MSVC Code Analysis uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99 From 7954795477629a977a1e899f39eb559ed34f634e Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 00:52:21 +0300 Subject: [PATCH 08/11] Update workflow --- .github/workflows/codacy.yml | 2 +- .github/workflows/msvc.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index d5a9599..d2dfcd5 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -66,4 +66,4 @@ jobs: if: always() with: sarif_file: results.sarif - category: 'codacy-${{ github.run_id }}' + category: '${{ github.workflow }}-codacy' diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index e6f0fa6..2b05050 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml 
@@ -52,11 +52,11 @@ jobs: ruleset: NativeRecommendedRules.ruleset # Upload SARIF file to GitHub Code Scanning Alerts - - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: ${{ steps.run-analysis.outputs.sarif }} - category: 'msvc-cpp-${{ github.run_id }}' + # - name: Upload SARIF to GitHub + # uses: github/codeql-action/upload-sarif@v4 + # with: + # sarif_file: ${{ steps.run-analysis.outputs.sarif }} + # category: '${{ github.workflow }}-msvc' # Upload SARIF file as an Artifact to download and view From 379674e3860673a357aa7e2b3341809aceae8266 Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 00:55:52 +0300 Subject: [PATCH 09/11] Update workflow --- .github/workflows/codacy.yml | 14 +++++++------- .github/workflows/msvc.yml | 10 +++++----- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index d2dfcd5..d4d0774 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -60,10 +60,10 @@ jobs: # This will handover control about PR rejection to the GitHub side max-allowed-issues: 2147483647 - # Upload the SARIF file generated in the previous step - - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v4 - if: always() - with: - sarif_file: results.sarif - category: '${{ github.workflow }}-codacy' + # # Upload the SARIF file generated in the previous step + # - name: Upload SARIF results file + # uses: github/codeql-action/upload-sarif@v4 + # if: always() + # with: + # sarif_file: results.sarif + # category: '${{ github.workflow }}-codacy' diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index 2b05050..b2e2065 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml 
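Review bot: With the "Upload SARIF results file" step commented out in codacy.yml, nothing consumes `results.sarif` any more. `max-allowed-issues: 2147483647` (visible in the context lines) already hands gating over to code scanning, and the analysis step was given `continue-on-error: true` in patch 02, so after this commit the Codacy job can neither fail nor report a finding. If the upload is disabled only while the category conflict is debugged, restore it before merge or at least keep the SARIF as a build artifact. Disabling by comment also leaves dead YAML behind; `if: false` on the step with a one-line reason is easier to find and revert.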
@@ -52,11 +52,11 @@ jobs: ruleset: NativeRecommendedRules.ruleset # Upload SARIF file to GitHub Code Scanning Alerts - # - name: Upload SARIF to GitHub - # uses: github/codeql-action/upload-sarif@v4 - # with: - # sarif_file: ${{ steps.run-analysis.outputs.sarif }} - # category: '${{ github.workflow }}-msvc' + - name: Upload SARIF to GitHub + uses: github/codeql-action/upload-sarif@v4 + with: + sarif_file: ${{ steps.run-analysis.outputs.sarif }} + category: '${{ github.workflow }}-msvc' # Upload SARIF file as an Artifact to download and view From d0266de4fbc3a68a2c135d8080bc1828de1cf058 Mon Sep 17 00:00:00 2001 From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 01:06:05 +0300 Subject: [PATCH 10/11] Update workflow --- .github/workflows/msvc.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index b2e2065..c47cc31 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -51,12 +51,29 @@ jobs: # Ruleset file that will determine what checks will be run ruleset: NativeRecommendedRules.ruleset + - name: Consolidate SARIF + shell: powershell + run: | + $sarif = Get-Content "${{ steps.run-analysis.outputs.sarif }}" -Raw | ConvertFrom-Json + + # Merge all runs into the first run + if ($sarif.runs.Count -gt 1) { + $firstRun = $sarif.runs[0] + for ($i = 1; $i -lt $sarif.runs.Count; $i++) { + $firstRun.results += $sarif.runs[$i].results + } + $sarif.runs = @($firstRun) + } + + $sarif | ConvertTo-Json -Depth 100 | Set-Content "${{ steps.run-analysis.outputs.sarif }}" + + # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub uses: github/codeql-action/upload-sarif@v4 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} - category: '${{ github.workflow }}-msvc' + category: 'msvc-cpp' # Upload SARIF file as an Artifact to download and view From 0401ebf1044c417899ed4c5b3515fb7d7a702436 Mon Sep 17 00:00:00 2001 
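Review bot: The loop in "Consolidate SARIF" copies only `results` from the later runs into run 0 and then discards those runs, so their `tool.driver.rules` and other per-run data are lost. SARIF results may reference a rule by `ruleIndex` into their own run's rule array; after the merge such an index can resolve to a different rule in run 0 or to none, so alerts could be mislabelled or the upload rejected (I have not confirmed which fields the MSVC output uses). Appending each run's rules and remapping `ruleIndex`, or dropping it and keeping `ruleId`, would keep the references valid. Separately, `${{ steps.run-analysis.outputs.sarif }}` is expanded straight into the script text; passing it as `env: SARIF_PATH: ${{ steps.run-analysis.outputs.sarif }}` and reading `$env:SARIF_PATH` avoids quoting problems if the path contains special characters.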
From: Cristian Herghelegiu Date: Tue, 31 Mar 2026 01:12:42 +0300 Subject: [PATCH 11/11] Update workflow --- .github/workflows/msvc.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index c47cc31..533110a 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -67,6 +67,19 @@ jobs: $sarif | ConvertTo-Json -Depth 100 | Set-Content "${{ steps.run-analysis.outputs.sarif }}" + # - name: Merge SARIF runs + # run: | + # pip install sarif-tools + # python -c " + # import json, glob + # merged = {'version':'2.1.0','runs':[]} + # for f in glob.glob('build/*.sarif'): + # with open(f) as s: + # merged['runs'] += json.load(s)['runs'] + # with open('build/results.sarif','w') as out: + # json.dump(merged, out) + # " + # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub