From e43d8d90fafa2d4dce92da64a9462397615ad185 Mon Sep 17 00:00:00 2001
From: classabbyamp <5366828+classabbyamp@users.noreply.github.com>
Date: Wed, 30 Nov 2022 13:44:14 -0500
Subject: [PATCH] CI: migrate from LGTM to Github CodeQL

Github now runs the same service: https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/
---
 .github/codeql/codeql-config.yaml | 5 ++++
 .github/workflows/codeql.yaml | 48 +++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 .github/codeql/codeql-config.yaml
 create mode 100644 .github/workflows/codeql.yaml

diff --git a/.github/codeql/codeql-config.yaml b/.github/codeql/codeql-config.yaml
new file mode 100644
index 00000000..8f5b13e5
--- /dev/null
+++ b/.github/codeql/codeql-config.yaml
@@ -0,0 +1,5 @@
+queries:
+ - uses: security-extended
+ - uses: security-and-quality
+paths-ignore:
+ - tests/**
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 00000000..18b5dcdc
--- /dev/null
+++ b/.github/workflows/codeql.yaml
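Review bot: In codeql-config.yaml the `queries:` list enables both `security-extended` and `security-and-quality`, and per GitHub's documentation the second suite already contains every query of the first, so the `- uses: security-extended` entry is redundant and can be dropped, leaving the single `- uses: security-and-quality` line. The `paths-ignore: tests/**` entry is a reasonable default, but as far as I recall it filters reported alerts for C/C++ rather than what the build tracer extracts; a short comment such as `# suppress alerts from test fixtures; they are still compiled and extracted` would record that intent for the next maintainer — confirm against the CodeQL docs before wording it as fact.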
@@ -0,0 +1,48 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: '0 0 * * 0'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ container:
+ image: ghcr.io/void-linux/void-linux:20220530rc01-full-x86_64
+ steps:
+ - name: Prepare container
+ run: |
+ xbps-install -Syu || xbps-install -yu xbps
+ # node-based actions require libstdc++.so.6
+ xbps-install -Sy \
+ libstdc++ git \
+ gcc make pkg-config zlib-devel openssl-devel libarchive-devel
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - run: git config --global --add safe.directory $(pwd)
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: cpp
+ config-file: ./.github/codeql/codeql-config.yaml
+ - name: Build xbps
+ run: |
+ ./configure
+ make -j
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:cpp"
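Review bot: Every third-party input to this job is referenced by a mutable tag — `actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2` and the `ghcr.io/void-linux/void-linux:20220530rc01-full-x86_64` container — so a moved tag or a re-pushed image silently changes what runs with `security-events: write` and with the compiler that the CodeQL build step traces. Pin each `uses:` to the full-length commit SHA of the intended release and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<40-hex-commit-sha> # v3`, and pin the container to its `image: ghcr.io/void-linux/void-linux@sha256:<digest>` form; a Dependabot `github-actions` ecosystem entry keeps such pins current without manual work. The `permissions:` block is already scoped to the minimum CodeQL needs, which is good and should be kept as-is when the pins are added.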