From e8378eeaef35611a63fd16bdafedc44149d280ff Mon Sep 17 00:00:00 2001
From: Axel Huebl <axel.huebl@plasma.ninja>
Date: Mon, 12 Dec 2022 09:22:16 -0800
Subject: [PATCH] CI CodeQL: Code Filter

C++ analysis does not yet support
---
 .github/codeql/impactx-codeql.yml |  1 +
 .github/workflows/codeql.yml      | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/.github/codeql/impactx-codeql.yml b/.github/codeql/impactx-codeql.yml
index fb052af00..83ffdb8e5 100644
--- a/.github/codeql/impactx-codeql.yml
+++ b/.github/codeql/impactx-codeql.yml
@@ -1,5 +1,6 @@
 name: "ImpactX CodeQL config"
 
 # ignore ABLASTR, AMReX, pyAMReX, openPMD et al.
+# note: not yet suppored, thus doing post-analysis SARIF filtering
 paths-ignore:
   - build/_deps
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 77dcd4d30..796a0c375 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -68,3 +68,23 @@ jobs:
         uses: github/codeql-action/analyze@v2
         with:
           category: "/language:${{ matrix.language }}"
+          upload: False
+          output: sarif-results
+
+      - name: filter-sarif
+        uses: advanced-security/filter-sarif@v1
+        with:
+          patterns: |
+            -build/_deps/*/*
+            -build/_deps/*/*/*
+            -build/_deps/*/*/*/*
+            -build/_deps/*/*/*/*/*
+            -build/_deps/*/*/*/*/*/*
+            -build/_deps/*/*/*/*/*/*/*
+          input: sarif-results/${{ matrix.language }}.sarif
+          output: sarif-results/${{ matrix.language }}.sarif
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: sarif-results/${{ matrix.language }}.sarif