WIP: codeql everywhere

Add codeql to esp32-build.yaml workflow Signed-off-by: Winford <[email protected]>
UncleGrumpy · Feb 9, 2025 · 24ff07d · 24ff07d
1 parent b257211
commit 24ff07d
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/workflows/esp32-build.yaml b/.github/workflows/esp32-build.yaml
@@ -37,6 +37,7 @@ jobs:
 
       matrix:
         esp-idf-target: ["esp32", "esp32c3"]
+        language: ['cpp']
         idf-version:
          - 'v5.0.7'
          - 'v5.1.5'
@@ -53,6 +54,13 @@ jobs:
     - name: Checkout repo
       uses: actions/checkout@v4
 
+    - name: "Initialize CodeQL"
+      if: runner.arch != 'ARM64' && runner.os == 'Linux'
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build with idf.py
       shell: bash
       working-directory: ./src/platforms/esp32/
@@ -62,13 +70,18 @@ jobs:
         idf.py set-target ${{matrix.esp-idf-target}}
         idf.py build
         idf.py size
+
     - name: Print component size info with idf.py
       shell: bash
       working-directory: ./src/platforms/esp32/
       run: |
         . $IDF_PATH/export.sh
         idf.py size-components
 
+    - name: "Perform CodeQL Analysis"
+      if: runner.arch != 'ARM64' && runner.os == 'Linux'
+      uses: github/codeql-action/analyze@v3
+
     - name: Install dependencies to build host AtomVM and run qemu
       run: |
         set -eu
@@ -177,3 +190,4 @@ jobs:
         . $IDF_PATH/export.sh
         export PATH=/opt/qemu/bin:${PATH}
         pytest --target=${{matrix.esp-idf-target}} --embedded-services=idf,qemu -s
+