From 538581d8e89e22c45f2c30ac4dcc6f5da94619d4 Mon Sep 17 00:00:00 2001
From: Hartmut Kaiser
Date: Sun, 12 May 2024 11:04:55 -0500
Subject: [PATCH] Create codeql.yml and msvc_analysis.yml
---
.github/workflows/codeql.yml | 71 +++++++++++++++++++++++++++++
.github/workflows/msvc_analysis.yml | 70 ++++++++++++++++++++++++++++
2 files changed, 141 insertions(+)
create mode 100644 .github/workflows/codeql.yml
create mode 100644 .github/workflows/msvc_analysis.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000000..cf0055bd16e6
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,71 @@
+# Copyright (c) 2024 The STE||AR Group
+#
+# SPDX-License-Identifier: BSL-1.0
+# Distributed under the Boost Software License, Version 1.0. (See accompanying
+# file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master", "release**" ]
+ pull_request:
+ branches: [ "master", "release**" ]
+# schedule:
+# - cron: '33 1 * * 4'
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ubuntu-latest
+ timeout-minutes: 360
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: c-cpp
+ build-mode: manual
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+
+ - name: Install CMake
+ uses: ssrobins/install-cmake@v1
+
+ - name: Install Ninja
+ uses: seanmiddleditch/gha-setup-ninja@master
+
+ - if: matrix.build-mode == 'manual'
+ run: |
+ cmake . -Bbuild -GNinja \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DHPX_WITH_MALLOC=system \
+ -DHPX_WITH_FETCH_ASIO=ON \
+ -DHPX_WITH_FETCH_BOOST=ON \
+ -DHPX_WITH_FETCH_HWLOC=ON \
+ -DHPX_WITH_EXAMPLES=OFF \
+ -DHPX_WITH_TESTS=OFF
+ cmake --build build --target all
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/msvc_analysis.yml b/.github/workflows/msvc_analysis.yml
new file mode 100644
index 000000000000..45e149a269e4
--- /dev/null
+++ b/.github/workflows/msvc_analysis.yml
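Review bot: `uses: seanmiddleditch/gha-setup-ninja@master` pins a third-party action to a mutable branch, and `uses: ssrobins/install-cmake@v1` to a mutable tag, inside a job that holds `security-events: write`; whatever those upstream refs point to on a given day runs with that token. Pin both to a full commit SHA with the version in a trailing comment, as msvc_analysis.yml in this same commit already does for microsoft/msvc-code-analysis-action, e.g. `uses: seanmiddleditch/gha-setup-ninja@<commit-sha>  # <version>`. The manual-build step also has no `name:`, so it appears in the run log only by its `if:` expression; `- name: Configure and build (manual)` above the `if:` would make failures easier to locate.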
@@ -0,0 +1,70 @@
+# Copyright (c) 2024 The STE||AR Group
+#
+# SPDX-License-Identifier: BSL-1.0
+# Distributed under the Boost Software License, Version 1.0. (See accompanying
+# file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+
+name: Microsoft C++ Code Analysis
+
+on:
+ push:
+ branches: [ "master", "release**" ]
+ pull_request:
+ branches: [ "master" ]
+# schedule:
+# - cron: '36 12 * * 4'
+
+env:
+ # Path to the CMake build directory.
+ build: '${{ github.workspace }}/build'
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif
+ # to get the Action run status
+ name: Analyze
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Configure CMake
+ shell: bash
+ run: |
+ cmake . -B ${{ env.build }} -G'Visual Studio 17 2022' \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DHPX_WITH_MALLOC=system \
+ -DHPX_WITH_FETCH_ASIO=ON \
+ -DHPX_WITH_FETCH_BOOST=ON \
+ -DHPX_WITH_FETCH_HWLOC=ON \
+ -DHPX_WITH_EXAMPLES=OFF \
+ -DHPX_WITH_TESTS=OFF
+
+ - name: Initialize MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
+ # Provide a unique ID to access the sarif output path
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ${{ env.build }}
+ # Ruleset file that will determine what checks will be run
+ ruleset: NativeRecommendedRules.ruleset
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ - name: Upload SARIF to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+ # Upload SARIF file as an Artifact to download and view
+ - name: Upload SARIF as an Artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: sarif-file
+ path: ${{ steps.run-analysis.outputs.sarif }}
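Review bot: `uses: github/codeql-action/upload-sarif@v2` is one major version behind the `init@v3` and `analyze@v3` that codeql.yml in this same commit uses, and `uses: actions/upload-artifact@v3` is likewise behind the `actions/checkout@v4` two steps above; bump both (`uses: github/codeql-action/upload-sarif@v3`, `uses: actions/upload-artifact@v4`) so the two new workflows track the same action generations and are not the first to break when the older lines stop being served. Separately, `-DCMAKE_BUILD_TYPE=Release` in the Configure CMake step has no effect with the multi-config 'Visual Studio 17 2022' generator, so the configuration actually analysed is whatever the action picks by default; either drop the flag or select the configuration through the action's own input for multi-config generators (presumably `buildConfiguration` — confirm against its README). The commented-out `schedule:` trigger is fine to leave, but a one-line comment saying why it is disabled would save the next reader from re-enabling it by accident.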