From nobody Sat May 4 03:19:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95823+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95823+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.microsoft.com ARC-Seal: i=1; a=rsa-sha256; t=1667318122; cv=none; d=zohomail.com; s=zohoarc; b=kDNWPUR7bqdcumA3pUUIzknDsaQ5FcyO4gf/iweXAc7DbyvQmA9mCoKKn9bxBIiriB2oEmsYGF/tGQCguMJhr8wGC722r2HA4lO3zhG9/tKZwQCMNLOX/ujcz4bB7yc4IwUGcy6gkuaYUm9kozEIG5d9Q9m4WBfeVc4KAPUKv1o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667318122; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=0yGnSLTSkjq60cgfV3SEDv6nRoXjUp+JE3BYtbzSp4Y=; b=SQsfcUSl5Pbg1zQnQINzvE1shXMdZ06iP+NCUj8AX1zHh58yqYL7EXjht5aGBhHqgEHMwoHCtNHhKWoCKKghGqUB/ifUVzm/VZL05CtbdgC1bhtnGmBcFvzgy8Bnh4eAdJpvwQnF+k5YqGSYcQC8Baj6aqbgLWvT0iTkHkwIfTE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95823+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667318122338577.5809748002205; Tue, 1 Nov 2022 08:55:22 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 2G1wYY1788612xOk06WZuuh3; Tue, 01 Nov 2022 08:55:21 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.8224.1667318120529561247 for ; Tue, 01 Nov 2022 08:55:20 -0700 X-Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id 60CE520B929F; Tue, 1 Nov 2022 08:55:19 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 60CE520B929F From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Andrew Fish , Leif Lindholm , Michael D Kinney , Sean Brogan Subject: [edk2-devel] [PATCH v1 1/2] Maintainers.txt: Add .github maintainers and reviewers Date: Tue, 1 Nov 2022 11:54:54 -0400 Message-Id: <20221101155455.1268-2-mikuback@linux.microsoft.com> In-Reply-To: <20221101155455.1268-1-mikuback@linux.microsoft.com> References: <20221101155455.1268-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com X-Gm-Message-State: 5kWJgXNk1jFhTLarB4Fga7L6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667318121; bh=0yGnSLTSkjq60cgfV3SEDv6nRoXjUp+JE3BYtbzSp4Y=; h=Cc:Date:From:Reply-To:Subject:To; b=D3L/Oh1dUDYVxRvBvXS9R/cnxiluxd7si1xfGyNJkawr4SKW0xDGmYyf/q8gNpMIwjz 5VEqqc2G+Z6I3OXRX34Jl4Z3TyGrw/vjiCfUymjgw6P0apR67z26h4+CwfT/kjiH0yR7G bUuIixPvxYbJS+SN6X+prPaQP8zm5aPo1s4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667318124303100001 Content-Type: text/plain; charset="utf-8" From: Michael Kubacki Adds the maintainers and reviewers for the new .github directory being added to hold GitHub workflows files. Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney Cc: Sean Brogan Signed-off-by: Michael Kubacki --- Maintainers.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Maintainers.txt b/Maintainers.txt index 889990fa566f..a2727fa7bd42 100644 --- a/Maintainers.txt +++ b/Maintainers.txt @@ -117,6 +117,12 @@ M: Michael Kubacki [mak= ubacki] R: Michael D Kinney [mdkinney] R: Liming Gao [lgao4] =20 +.github/ +F: .github/ +M: Sean Brogan [spbrogan] +M: Michael Kubacki [makubacki] +R: Michael D Kinney [mdkinney] + .mergify/ F: .mergify/ M: Michael D Kinney [mdkinney] --=20 2.28.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95823): https://edk2.groups.io/g/devel/message/95823 Mute This Topic: https://groups.io/mt/94713563/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat May 4 03:19:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95824+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95824+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.microsoft.com ARC-Seal: i=1; a=rsa-sha256; t=1667318124; cv=none; d=zohomail.com; s=zohoarc; b=goJq1lEmPKx5oNFA0Ur6YBlGoUfqRroWytb6XWlQHL8RsepPkUeD8Do8bwpjEWqWYHsJv+nMJX6QQ+4iaWXD5E2y8ZmZ7FJ2UJGWCIc/MsgjDawPcXBkLyxrbY7juK9T9vHrVwtbdwIIzkItzITofFzhmZ4Nj/26V3aMVyV7Upk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667318124; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=YtV8dWj5GSYUulyDmD9PZ+wgvOoBZW6rJmRC4+2D2SQ=; b=hzVLEZaa/ayCEAhewxqwBn23VI7m/gwt+A7Aw+f/n81MWHeymt4Q5XO/kpDetpC786lISweMCZmkegYMB3mVrRvJtAoNivVF0QtBh7G8nhi+zUnBbRFLuHMGNCl+YgmR4iDaQ0T97S6l0VaO5qF0oK9zn834Y5fo+tMNDtKFFbQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95824+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 166731812425046.87396659039507; Tue, 1 Nov 2022 08:55:24 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id t2LlYY1788612xwt5Rl7vzX7; Tue, 01 Nov 2022 08:55:23 -0700 X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.8225.1667318123310379911 for ; Tue, 01 Nov 2022 08:55:23 -0700 X-Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id 6DB40205D3B6; Tue, 1 Nov 2022 08:55:22 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 6DB40205D3B6 From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Sean Brogan , Michael D Kinney , Liming Gao Subject: [edk2-devel] [PATCH v1 2/2] .github: Add initial CodeQL config and workflow files Date: Tue, 1 Nov 2022 11:54:55 -0400 Message-Id: <20221101155455.1268-3-mikuback@linux.microsoft.com> In-Reply-To: <20221101155455.1268-1-mikuback@linux.microsoft.com> References: <20221101155455.1268-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com X-Gm-Message-State: qGWgPYsiRZYOvTNyo6n3DTSdx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667318123; bh=qmy1epDmWChyldliv5C8Z/xfWTq7RnuDIAmdNE3PV78=; h=Cc:Date:From:Reply-To:Subject:To; b=hcXYe0ThyRUFDuuj/oPidkeXImaNQ8gQdEdmI70c/7RT54ptgqrWYGF8VQdsGTMfNyd GMvf6AdAVcOZFcM/l21hdDmJb6jFKTaajyQx0wT0/cuJJ5PwDdbVsdd0s6323AsOdxZep G5fGQijTAWSQgH2I1C+aern74Gch+GxNH8c= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667318126175100003 Content-Type: text/plain; charset="utf-8" From: Michael Kubacki REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4115 Adds initial support for enabling CodeQL Code Scanning in this repository per the RFC: https://github.com/tianocore/edk2/discussions/3258 Adds the following new files: - .github/workflows/codql-analysis.yml - The main GitHub workflow file used to setup CodeQL in the repo. - .github/codeql/codeql-config.yml - The main CodeQL configuration file used to customize the queries and other resources the repo is using for CodeQL. Cc: Sean Brogan Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Michael Kubacki --- .github/codeql/codeql-config.yml | 30 ++++++ .github/codeql/edk2.qls | 12 +++ .github/workflows/codeql-analysis.yml | 102 ++++++++++++++++++++ 3 files changed, 144 insertions(+) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-confi= g.yml new file mode 100644 index 000000000000..3e27c2fb0d28 --- /dev/null +++ b/.github/codeql/codeql-config.yml @@ -0,0 +1,30 @@ +## @file +# CodeQL configuration file for edk2. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +name: "CodeQL config" + +# The following line disables the default queries. This is used because we= want to enable on query at a time by +# explicitly specifying each query in a "queries" array as they are enable= d. +# +# See the following for more information about adding custom queries: +# https://docs.github.com/en/code-security/code-scanning/automatically-sca= nning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#us= ing-a-custom-configuration-file + +#disable-default-queries: true + +queries: + - name: EDK2 CodeQL Query List + uses: ./.github/codeql/edk2.qls + +# We must specify a query for CodeQL to run. Until the first query is enab= led, enable the security query suite but +# exclude all problem levels from impacting the results. After the first q= uery is enabled, this filter can be relaxed +# to find the level of problems desired from the query. +query-filters: +- exclude: + problem.severity: + - error + - warning + - recommendation diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls new file mode 100644 index 000000000000..0efc7dca52db --- /dev/null +++ b/.github/codeql/edk2.qls @@ -0,0 +1,12 @@ +--- +- description: EDK2 (C++) queries + +# Bring in all queries from the official cpp-queries suite so individual q= ueries can be explicitly enabled. + +- queries: '.' + from: codeql/cpp-queries + +# Enable individual queries below. + +- include: + id: cpp/conditionallyuninitializedvariable diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/code= ql-analysis.yml new file mode 100644 index 000000000000..c3227d015477 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,102 @@ +# @file +# GitHub Workflow for CodeQL Analysis +# +# Copyright (c) Microsoft Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +name: "CodeQL" + +on: + push: + branches: + - master + pull_request: + branches: + - master + paths-ignore: + - '**/*.bat' + - '**/*.md' + - '**/*.py' + - '**/*.rst' + - '**/*.sh' + - '**/*.txt' + + schedule: + # https://crontab.guru/#20_23_*_*_4 + - cron: '20 23 * * 4' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + package: [ + "ArmPkg", + "CryptoPkg", + "DynamicTablesPkg", + "FatPkg", + "FmpDevicePkg", + "IntelFsp2Pkg", + "IntelFsp2WrapperPkg", + "MdeModulePkg", + "MdePkg", + "PcAtChipsetPkg", + "PrmPkg", + "SecurityPkg", + "ShellPkg", + "SourceLevelDebugPkg", + "StandaloneMmPkg", + "UefiCpuPkg", + "UnitTestFrameworkPkg"] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: 'cpp' + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', '= python', 'ruby' ] + # Learn more about CodeQL language support at https://codeql.githu= b.com/docs/codeql-overview/supported-languages-and-frameworks/ + config-file: ./.github/codeql/codeql-config.yml + # Note: Add new queries to codeql-config.yml file as they are enab= led. + + - name: Install/Upgrade pip Modules + run: pip install -r pip-requirements.txt --upgrade + + - name: Use Node.js 19.x + uses: actions/setup-node@v3 + with: + node-version: 19.x + + - name: Update apt + run: sudo apt-get update + + - name: Install required tools + run: sudo apt-get install gcc g++ make uuid-dev + + - name: Setup + run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a IA32,X64 TOOL= _CHAIN_TAG=3DGCC5 + + - name: Update + run: stuart_update -c .pytool/CISettings.py -t DEBUG -a IA32,X64 TOO= L_CHAIN_TAG=3DGCC5 + + - name: Build Tools From Source + run: python BaseTools/Edk2ToolsBuild.py -t GCC5 + + - name: CI Build + run: stuart_ci_build -c .pytool/CISettings.py -p ${{ matrix.package = }} -t DEBUG -a IA32,X64 TOOL_CHAIN_TAG=3DGCC5 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 --=20 2.28.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95824): https://edk2.groups.io/g/devel/message/95824 Mute This Topic: https://groups.io/mt/94713566/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-