From fd50e0309e23bd264557c1dc9699de1923c70d93 Mon Sep 17 00:00:00 2001
From: Andrew Cooper
Date: Sat, 24 Sep 2022 19:57:46 +0100
Subject: [PATCH] CI: Add CodeQL static analysis

LGTM is deprecated and will cease working in Decemeber, per https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/ Drop the LGTM badges too, as they will stop working as well.

Signed-off-by: Andrew Cooper
---
 .github/workflows/CodeQL.yml | 32 ++++++++++++++++++++++++++++++++
 README.md | 3 ---
 2 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/CodeQL.yml

diff --git a/.github/workflows/CodeQL.yml b/.github/workflows/CodeQL.yml
new file mode 100644
index 0000000..bfc844f
--- /dev/null
+++ b/.github/workflows/CodeQL.yml
@@ -0,0 +1,32 @@
+name: CodeQL
+
+on:
+ push:
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ - cron: '30 12 * * 3' # Weekly, Wed at 12:30 pm
+
+jobs:
+ CodeQL:
+
+ strategy:
+ matrix:
+ bits: ['32', '64']
+ lto: [LTO=y, LTO=n]
+
+ runs-on: 'ubuntu-22.04'
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: github/codeql-action/init@v2
+ with:
+ languages: cpp
+ queries: security-and-quality
+
+ - name: Build
+ run: |
+ make BITS=${{matrix.bits}} ${{matrix.lto}}
+
+ - uses: github/codeql-action/analyze@v2
diff --git a/README.md b/README.md
index 44f8146..df5319e 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,4 @@
 TrenchBoot Secure Kernel Loader
 ===============================

-[![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/TrenchBoot/secure-kernel-loader.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/TrenchBoot/secure-kernel-loader/context:cpp)
-[![Total alerts](https://img.shields.io/lgtm/alerts/g/TrenchBoot/secure-kernel-loader.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/TrenchBoot/secure-kernel-loader/alerts/)
-
 Open source implementation of Secure Loader for AMD Secure Startup.
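Review bot: The new `.github/workflows/CodeQL.yml` has no `permissions:` block, so each matrix job, including the `make` build step, runs with whatever GITHUB_TOKEN scope the repository default grants on push, manual and scheduled runs; that default is not visible in this patch. Declaring least privilege at the top level, between `on:` and `jobs:`, makes the workflow independent of that setting: a `permissions:` mapping with `contents: read` and `security-events: write` should cover the checkout and the CodeQL result upload on a public repository. The three `uses:` lines also reference mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`); pinning each to a full commit SHA, with the tag kept as a trailing comment, would stop a moved tag from changing what executes with that token.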