CI CodeQL: Code Filter

C++ analysis does not yet support
ECP-WarpX · Dec 12, 2022 · e8378ee · e8378ee
1 parent 3cc287d
commit e8378ee
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/.github/codeql/impactx-codeql.yml b/.github/codeql/impactx-codeql.yml
@@ -1,5 +1,6 @@
 name: "ImpactX CodeQL config"
 
 # ignore ABLASTR, AMReX, pyAMReX, openPMD et al.
+# note: not yet suppored, thus doing post-analysis SARIF filtering
 paths-ignore:
   - build/_deps
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -68,3 +68,23 @@ jobs:
         uses: github/codeql-action/analyze@v2
         with:
           category: "/language:${{ matrix.language }}"
+          upload: False
+          output: sarif-results
+
+      - name: filter-sarif
+        uses: advanced-security/filter-sarif@v1
+        with:
+          patterns: |
+            -build/_deps/*/*
+            -build/_deps/*/*/*
+            -build/_deps/*/*/*/*
+            -build/_deps/*/*/*/*/*
+            -build/_deps/*/*/*/*/*/*
+            -build/_deps/*/*/*/*/*/*/*
+          input: sarif-results/${{ matrix.language }}.sarif
+          output: sarif-results/${{ matrix.language }}.sarif
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: sarif-results/${{ matrix.language }}.sarif