Updates to codeql config

* Split c-cpp and python init sections
* Add paths-ignore config for pythin init
* Add json-c wrap during build - increases c codeql coverage

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644 (file)
index 0000000..d9079fd
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,3 @@
+name: "CodeQL Config"\r
+paths-ignore:\r
+  - subprojects/**\r

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 56259239f34e73e2e9b71a3d8b6a68c6cd3007b3..0dc02a8f4b3f147d465cc4db48086a33974f47c0 100644 (file)
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -47,21 +47,22 @@ jobs:
           sudo apt-get install meson
 
     # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
+    - if: matrix.language == 'c-cpp'
+      name: Initialize CodeQL C
       uses: github/codeql-action/init@v2
       with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
+        languages: 'c-cpp'
 
+    - if: matrix.language == 'python'
+      name: Initialize CodeQL Python
+      uses: github/codeql-action/init@v2
+      with:
+        languages: 'python'
+        config-file: ./.github/codeql/codeql-config.yml
+  
     - name: meson build
       run: |
-         meson setup --force-fallback-for=libnvme .build
+         meson setup --force-fallback-for=libnvme,json-c .build
          ninja -C .build
 
     - name: Perform CodeQL Analysis