CodeQL: Add more build combinations and disable run on PR (#3246)

Enhance CodeQL Code Security Analysis: - Add more compilation combinations to build iwasm with different kinds of features - Disable run on PR created and keep nightly run, since the whole time is very long, and will check how to restore run on PR created in the future
2024-03-21 14:18:27 +08:00
parent a86eeb273c
commit e003ee1e29
3 changed files with 256 additions and 39 deletions
--- a/.github/workflows/codeql_fail_on_error.py
+++ b/.github/workflows/codeql_fail_on_error.py
@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+
+# Return whether SARIF file contains error-level results
+def codeql_sarif_contain_error(filename):
+    with open(filename, 'r') as f:
+        s = json.load(f)
+
+    for run in s.get('runs', []):
+        rules_metadata = run['tool']['driver']['rules']
+        if not rules_metadata:
+            rules_metadata = run['tool']['extensions'][0]['rules']
+
+        for res in run.get('results', []):
+            if 'ruleIndex' in res:
+                rule_index = res['ruleIndex']
+            elif 'rule' in res and 'index' in res['rule']:
+                rule_index = res['rule']['index']
+            else:
+                continue
+            try:
+                rule_level = rules_metadata[rule_index]['defaultConfiguration']['level']
+            except IndexError as e:
+                print(e, rule_index, len(rules_metadata))
+            else:
+                if rule_level == 'error':
+                    return True
+    return False
+
+if __name__ == "__main__":
+    if codeql_sarif_contain_error(sys.argv[1]):
+        sys.exit(1)