From d4502566afe5d4d23fecd3504ba49e87995c622f Mon Sep 17 00:00:00 2001
From: mnieto
Date: Wed, 9 Jul 2025 22:04:47 +0200
Subject: [PATCH 1/8] ci: Add CodeQL analysis and SARIF report upload steps
---
 .github/workflows/codeql.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 350f189..18d6829 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -77,6 +77,12 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
+ id: Analysis
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:${{matrix.language}}"
+
+ - name: Upload SARIF report
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.Analysis.outputs.sarif_file }}
From 04aee246baa8d5798b10a16ebcbe77310efe09eb Mon Sep 17 00:00:00 2001
From: mnieto
Date: Wed, 9 Jul 2025 22:33:10 +0200
Subject: [PATCH 2/8] fix: Update SARIF report upload path in CodeQL workflow
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 18d6829..05e9ad5 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -85,4 +85,4 @@ jobs:
 - name: Upload SARIF report
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: ${{ steps.Analysis.outputs.sarif_file }}
+ sarif_file: ${{ github.workspace }}/results/*.sarif
From 93b6230012e06f89dc628052ac421afd32e59ec5 Mon Sep 17 00:00:00 2001
From: mnieto
Date: Wed, 9 Jul 2025 22:38:20 +0200
Subject: [PATCH 3/8] fix: Update SARIF report file path in CodeQL workflow
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 05e9ad5..4f045d8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
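Review bot: In the `Upload SARIF report` step added by PATCH 1/8, `steps.Analysis.outputs.sarif_file` is not an output that `github/codeql-action/analyze` defines; the action exposes its results directory as `sarif-output`, so this expression resolves to an empty string. PATCH 2/8 to 4/8 then replace it with guessed runner paths, the last one hard-coded to `csharp.sarif` although the category is keyed on `matrix.language`; `sarif_file: ${{ steps.Analysis.outputs.sarif-output }}` would cover all four. `analyze` also uploads its results to code scanning by default, so a second `upload-sarif` of the same file is redundant unless upload is turned off on the analyze step. The new `uses:` reference is a mutable tag (`@v3`); pinning it to a full commit SHA is worth considering for a job that, presumably, is allowed to write security events.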
@@ -85,4 +85,4 @@ jobs:
 - name: Upload SARIF report
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: ${{ github.workspace }}/results/*.sarif
+ sarif_file: ${{ github.workspace }}/../results/*.sarif
From 8f4eee13437b02e2763657e9e68e85f7c67af3ad Mon Sep 17 00:00:00 2001
From: mnieto
Date: Wed, 9 Jul 2025 22:44:14 +0200
Subject: [PATCH 4/8] fix: Update SARIF report file path in CodeQL workflow
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 4f045d8..354682e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -85,4 +85,4 @@ jobs:
 - name: Upload SARIF report
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: ${{ github.workspace }}/../results/*.sarif
+ sarif_file: ${{ github.workspace }}/../results/csharp.sarif
From d560da4cd0627d66e071f1949c95ae6c0495bb0e Mon Sep 17 00:00:00 2001
From: mnieto
Date: Thu, 10 Jul 2025 00:07:04 +0200
Subject: [PATCH 5/8] fix: Remove SARIF report upload step from CodeQL workflow
---
 .github/workflows/codeql.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 354682e..6389cdc 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -82,7 +82,3 @@ jobs:
 with:
 category: "/language:${{matrix.language}}"
- - name: Upload SARIF report
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: ${{ github.workspace }}/../results/csharp.sarif
From 67de78f3b2fdfd46e7cf4f56ed0a0d9cb97f1804 Mon Sep 17 00:00:00 2001
From: mnieto
Date: Sat, 12 Jul 2025 16:39:32 +0200
Subject: [PATCH 6/8] fix: Add step to upload CodeQL results as artifacts
---
 .github/workflows/codeql.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6389cdc..54bdbb8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -82,3 +82,8 @@ jobs:
 with:
 category: "/language:${{matrix.language}}"
+ - name: Upload CodeQL results
+ uses: actions/upload-artifact@v4
+ with:
+ name: codeql-results-${{ matrix.language }}
+ path: ${{ github.workspace }}/../results/*.sarif
\ No newline at end of file
From a4236fedfc0df50ee603abb460ad299702f93b01 Mon Sep 17 00:00:00 2001
From: mnieto
Date: Sat, 12 Jul 2025 17:12:38 +0200
Subject: [PATCH 7/8] fix: Update artifact path for CodeQL results upload
---
 .github/workflows/codeql.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 54bdbb8..4c05b9f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -82,8 +82,11 @@ jobs:
 with:
 category: "/language:${{matrix.language}}"
+ - name: Prepare upload artifact
+ run: |
+ echo "artifacts_path=${{ github.workspace }} ..)" >> $GITHUB_ENV
 - name: Upload CodeQL results
 uses: actions/upload-artifact@v4
 with:
 name: codeql-results-${{ matrix.language }}
- path: ${{ github.workspace }}/../results/*.sarif
\ No newline at end of file
+ path: ${{ env.artifacts_path }}/results/*.sarif
\ No newline at end of file
From 2dd6f90a74d60fc7601b08eef0bae60f83c9bc5a Mon Sep 17 00:00:00 2001
From: mnieto
Date: Sat, 12 Jul 2025 17:27:37 +0200
Subject: [PATCH 8/8] fix: Correct artifact path calculation in CodeQL workflow
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 4c05b9f..52a78cb 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -84,7 +84,7 @@ jobs:
 - name: Prepare upload artifact
 run: |
- echo "artifacts_path=${{ github.workspace }} ..)" >> $GITHUB_ENV
+ echo "artifacts_path=$(dirname ${{ github.workspace }})" >> $GITHUB_ENV
 - name: Upload CodeQL results
 uses: actions/upload-artifact@v4
 with:
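Review bot: The `Upload CodeQL results` step added by PATCH 6/8 publishes the raw SARIF as a workflow artifact, which anyone able to read the repository's workflow runs can download, whereas code scanning alerts are normally limited to users with write or security-alert access; on a public repository that would disclose unresolved findings. If the artifact is really needed, bound its lifetime and fail loudly when the glob matches nothing, for example `retention-days: 5` (sample value) and `if-no-files-found: error` under `with:`, since the default only warns. `actions/upload-artifact@v4` is also a mutable tag; a full commit SHA pin is the safer form.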
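Review bot: The `Prepare upload artifact` step in PATCH 7/8 writes a malformed value (`... ..)`), and the corrected form in PATCH 8/8 still splices `${{ github.workspace }}` into the script text unquoted and appends to an unquoted `$GITHUB_ENV`. Reading the runner-provided variable keeps the expression out of the shell source and survives paths containing spaces: `echo "artifacts_path=$(dirname "$GITHUB_WORKSPACE")" >> "$GITHUB_ENV"`. Both patches also depend on the analyze action's default `../results` output location; the analyze step was given `id: Analysis` in PATCH 1/8 and no visible hunk removes it, so `path: ${{ steps.Analysis.outputs.sarif-output }}` would make the helper step unnecessary. The PATCH 8/8 hunk ends at `with:`, so the remainder of the upload step lies outside the visible lines.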