CodeQL: Add more build combinations and disable run on PR (#3246)

Enhance CodeQL Code Security Analysis:
- Add more compilation combinations to build iwasm with different kinds of features
- Disable run on PR created and keep nightly run, since the whole time is very long,
   and will check how to restore run on PR created in the future

.github/workflows/codeql.yml

@@ -4,20 +4,20 @@
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
-  # push:
-  #   branches: [ "main", "master" ]
+  #pull_request:
+  #  types:
+  #    - opened
+  #  branches: '*'
+  #push:
+  #   branches: [ "main" ]
+  # midnight UTC
   schedule:
     - cron: '0 0 * * *'
-  pull_request:
-    branches: '*'
+  # allow to be triggered manually
+  workflow_dispatch:
 
 jobs:
   analyze:
@@ -39,9 +39,6 @@ jobs:
       matrix:
         language: [ 'cpp' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
-        # Use only 'java' to analyze code written in Java, Kotlin or both
-        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
     - name: Checkout repository
@@ -54,29 +51,19 @@ jobs:
       uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
 
         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
         queries: security-and-quality
 
-
-    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    #- name: Autobuild
-    #  uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    # Command-line programs to run using the OS shell.
+    # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
     #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
     - run: |
         ./.github/workflows/codeql_buildscript.sh
-
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
       with:
@@ -118,9 +105,9 @@ jobs:
       with:
         name: codeql-results
         path: ${{ steps.step1.outputs.sarif-output }}
-        retention-days: 5
+        retention-days: 10
 
     - name: Fail if an error is found
       run: |
-        ./.github/workflows/fail_on_error.py \
+        ./.github/workflows/codeql_fail_on_error.py \
           ${{ steps.step1.outputs.sarif-output }}/cpp.sarif