From 774bb1560f9ded7a55c51404fbfa3d09fda3203c Mon Sep 17 00:00:00 2001
From: Raul Metsma
Date: Wed, 21 Dec 2022 09:13:14 +0200
Subject: [PATCH] Setup Code-QL scans (#1143)

IB-7528

Signed-off-by: Raul Metsma
Signed-off-by: Raul Metsma
---
 .github/workflows/build.yml | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c40a5c7a8..4e3c3b3c6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -261,6 +261,8 @@ jobs:
 name: Run CodeQL tests
 if: github.repository == 'open-eid/DigiDoc4-Client'
 runs-on: ubuntu-latest
+ permissions:
+ security-events: write
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -282,7 +284,23 @@ jobs:
 uses: github/codeql-action/init@v2
 with:
 languages: cpp
+ queries: +security-and-quality
 - name: Autobuild
 uses: github/codeql-action/autobuild@v2
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
\ No newline at end of file
+ uses: github/codeql-action/analyze@v2
+ with:
+ upload: False
+ output: sarif-results
+ - name: Filter results
+ uses: advanced-security/filter-sarif@develop
+ with:
+ patterns: |
+ -**/*autogen*/**
+ -**:cpp/poorly-documented-function
+ input: sarif-results/cpp.sarif
+ output: sarif-results/cpp.sarif
+ - name: Upload results
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: sarif-results/cpp.sarif
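Review bot: The new job-level `permissions:` block lists only `security-events: write`, and once a `permissions` block is present every scope it does not name is reduced to `none`, so this job now runs `actions/checkout@v3` and the CodeQL autobuild with `contents: none`. That works for a public repository (the `if:` condition pins the job to `open-eid/DigiDoc4-Client`), but it is fragile and deviates from what the CodeQL action documents as its minimum; add the read scopes explicitly: `contents: read` alongside `security-events: write`, plus `actions: read` if this repository is or ever becomes private. Spelling the least-privilege set out also makes it obvious to a later reviewer that nothing here has `contents: write`.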
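Review bot: `uses: advanced-security/filter-sarif@develop` pins a third-party action to a moving branch, and that step rewrites the SARIF that the following `upload-sarif` step pushes into code scanning, so any change to that branch — benign or malicious — can alter or silently drop findings, and its code runs with this job's `security-events: write` token. Pin it to an immutable full commit SHA with the version as a trailing comment (`uses: advanced-security/filter-sarif@<full-commit-sha>  # vX.Y`) and let Dependabot/Renovate bump it, as is already done implicitly for the `github/codeql-action/*@v2` steps. Separately, `upload: False` relies on the runner stringifying a capitalised YAML boolean; the conventional and unambiguous spelling is `upload: false`.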