update workflow files to split codeql analysis for push and PR (#1273)

jacob-ronstadt · web-flow · commit fb21b13a7345 · 2025-03-19T13:56:21.000-07:00
* update workflow files to split codeql analysis for push and PR * test changing a file * remove build all option in script for testing. * Revert "remove build all option in script for testing." This reverts commit 04eb2c3. * Revert "test changing a file" This reverts commit d692051. * combine pr and push analysis files to remove warning about not having on.push trigger. include script changes and file change for testing * remove test changes
diff --git a/.github/workflows/Code-Scanning.yml b/.github/workflows/Code-Scanning.yml
@@ -24,8 +24,9 @@ on:
   workflow_dispatch:
 
 jobs:
-  analyze:
-    name: Analysis
+  analyze-push:
+    name: Analysis-Push
+    if: github.event_name == 'push'
     runs-on: windows-latest
     permissions:
       actions: read
@@ -62,3 +63,46 @@ jobs:
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"
+  analyze-pr:
+    name: Analysis-PR
+    if: github.event_name == 'pull_request'
+    runs-on: windows-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: c-cpp
+          build-mode: manual
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - name: Install Nuget Packages
+        run: nuget restore .\packages.config -PackagesDirectory .\packages\
+      - name: Get changed files
+        id: get-changed-files
+        uses: tj-actions/changed-files@v41
+        with:
+          separator: ","
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          config-file: microsoft/Windows-Driver-Developer-Supplemental-Tools/config/codeql-config.yml@development
+          packs: +microsoft/windows-drivers@1.2.0-beta
+      - if: matrix.build-mode == 'manual'
+        run: |
+          $changedFiles = "${{ steps.get-changed-files.outputs.all_changed_files }}".Split(',')
+          .\.github\scripts\Build-ChangedSamples.ps1 -ChangedFiles $changedFiles -Verbose
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
