feat: codeql check added

jerzyjamroz · jerzyjamroz · commit 656e9a5bc863 · 2025-08-22T12:02:52.000+02:00
diff --git a/.github/codeql/config.yml b/.github/codeql/config.yml
@@ -0,0 +1,22 @@
+name: "CodeQL Config"
+
+# Queries and the suites they belong to are documented at
+#    https://codeql.github.com/codeql-query-help/cpp/
+
+queries:
+  - uses: security-and-quality
+  # Choose the above from 3 query suites:
+  #   default
+  #      The default set of queries
+  #   security-extended
+  #      `default` suite plus lower severity and precision queries
+  #   security-and-quality
+  #      `security-extended`, plus maintainability and reliability queries
+
+query-filters:
+-
+  exclude:
+    id: cpp/use-of-goto
+-
+  exclude:
+    problem.severity: recommendation
diff --git a/.github/workflows/module-build.yml b/.github/workflows/module-build.yml
@@ -5,7 +5,7 @@
 
 # Set the 'name:' properties to values that work for you (pvxs)
 
-name: devlib2
+name: Module Build and Test
 
 # Trigger on pushes and PRs to any branch
 on:
diff --git a/.github/workflows/module-codeql.yml b/.github/workflows/module-codeql.yml
@@ -0,0 +1,67 @@
+name: CodeQL Module
+
+on:
+  push:
+    branches: [master, gha]
+    paths:
+      - ".github/workflows/module-codeql.yml"
+      - "common/**"
+      - "linux/**"
+      - "exploreApp/**"
+      - "pciApp/**"
+      - "vmeApp/**"
+  pull_request:
+    branches: [master]
+    paths:
+      - ".github/workflows/module-codeql.yml"
+      - "common/**"
+      - "linux/**"
+      - "exploreApp/**"
+      - "pciApp/**"
+      - "vmeApp/**"
+
+permissions:
+  contents: read
+  security-events: write
+
+env:
+  SETUP_PATH: .ci-local:.ci
+  BASE: "7.0"
+  CMP: gcc
+  BCFG: default
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Deps
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install qemu-system-x86 gdb
+
+      - name: Prepare deps (ci-scripts)
+        run: python3 .ci/cue.py prepare
+
+      - name: Initialize CodeQL (manual build)
+        uses: github/codeql-action/init@v3
+        with:
+          languages: cpp
+          build-mode: manual
+          config-file: ./.github/codeql/config.yml
+
+      - name: Build (ci-scripts)
+        run: |
+          python3 .ci/cue.py build
+
+      - name: Analyze
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:cpp"
