fix: filter SARIF file before uploading it to GH

sparky-game · Sep 16, 2024 · d8a0b57 · d8a0b57
1 parent 1b62a1e
commit d8a0b57
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -55,8 +55,6 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: c-cpp
-          config: |
-            paths-ignore: [vendor]
       - name: configure
         run: |
           cmake                                         \
@@ -66,5 +64,19 @@ jobs:
             -DCMAKE_CXX_COMPILER=${{ matrix.cxx-compiler }}
       - name: build
         run: cmake --build build
-      - name: analyze
+      - name: run-codeql
         uses: github/codeql-action/analyze@v3
+        with:
+          output: sarif-results
+          upload: failure-only
+      - name: filter-codeql
+        uses: advanced-security/filter-sarif@v1
+        with:
+          patterns: |
+            -vendor/*
+          input: sarif-results/c-cpp.sarif
+          output: sarif-results/c-cpp.sarif
+      - name: upload-codeql
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: sarif-results/c-cpp.sarif