From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 21 Feb 2023 12:52:30 +0000 (+0100)
Subject: GHA: add Microsoft C++ Code Analysis
X-Git-Tag: curl-8_0_0~177
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e0db842b2a082dffad4a9fbe31321e9a75c74041;p=thirdparty%2Fcurl.git

GHA: add Microsoft C++ Code Analysis

Closes #10583
---

diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
new file mode 100644
index 0000000000..4b361e46ca
--- /dev/null
+++ b/.github/workflows/msvc.yml
@@ -0,0 +1,65 @@
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# SPDX-License-Identifier: curl
+#
+# https://github.com/microsoft/msvc-code-analysis-action
+
+name: Microsoft C++ Code Analysis
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+env:
+  # Path to the CMake build directory.
+  build: '${{ github.workspace }}/build'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Analyze
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Configure CMake
+        run: cmake -B ${{ env.build }}
+
+      - name: Build CMake
+        run: cmake --build ${{ env.build }}
+
+      - name: Generate an empty lib1521.c
+        run: |
+          echo "int main(void) { return 0; }" > ${{ env.build }}/tests/libtest/lib1521.c
+
+      - name: Initialize MSVC Code Analysis
+        uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
+        # Provide a unique ID to access the sarif output path
+        id: run-analysis
+        with:
+          cmakeBuildDirectory: ${{ env.build }}
+          # Ruleset file that will determine what checks will be run
+          ruleset: NativeRecommendedRules.ruleset
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+      - name: Upload SARIF to GitHub
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+      # Upload SARIF file as an Artifact to download and view
+      # - name: Upload SARIF as an Artifact
+      #   uses: actions/upload-artifact@v3
+      #   with:
+      #     name: sarif-file
+      #     path: ${{ steps.run-analysis.outputs.sarif }}