From 0bbbae9736c0cbdd97d78b13f6c778884b3a5256 Mon Sep 17 00:00:00 2001
From: Nick Banks
Date: Thu, 26 Dec 2024 14:38:50 -0600
Subject: [PATCH 1/6] Add CodeQL to Build Action
---
 .github/workflows/build.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d0a523d..313c290 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -53,9 +53,21 @@ jobs:
 - name: Install NASM
 if: runner.os == 'Windows'
 uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028
+ - name: Initialize CodeQL
+ if: ${{ matrix.os }} == 'ubuntu' && ${{ matrix.arch }} == 'x64' && ${{ matrix.link }} == 'shared'
+ uses: github/codeql-action/init@v3
+ with:
+ languages: c-cpp
+ build-mode: manual
 - name: Build
 shell: pwsh
 run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
+ - name: Perform CodeQL Analysis
+ if: ${{ matrix.os }} == 'ubuntu' && ${{ matrix.arch }} == 'x64' && ${{ matrix.link }} == 'shared'
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:c-cpp"
+ paths-ignore: msquic/**
 - name: Upload
 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
From d1ab1e4a0efc83f23ca71340ccbcfe4b3605dc34 Mon Sep 17 00:00:00 2001
From: Nick Banks
Date: Thu, 26 Dec 2024 14:47:45 -0600
Subject: [PATCH 2/6] Fix CodeQL condition syntax in build.yml
---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 313c290..79203eb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
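Review bot: The added `Perform CodeQL Analysis` step in patch 1/6 uploads its results to code scanning, which needs `security-events: write` on the job token, and nothing in the hunk grants it. The job header and any `permissions:` block are outside the hunk, so this may already be in place. If the workflow relies on the default token, add a job-level `permissions:` block with `contents: read` and `security-events: write`, so the upload does not depend on repository-wide token settings and the rest of the job stays read-only.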
@@ -54,7 +54,7 @@ jobs:
 if: runner.os == 'Windows'
 uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028
 - name: Initialize CodeQL
- if: ${{ matrix.os }} == 'ubuntu' && ${{ matrix.arch }} == 'x64' && ${{ matrix.link }} == 'shared'
+ if: ${{ matrix.os == 'ubuntu' && matrix.arch == 'x64' && matrix.link == 'shared' }}
 uses: github/codeql-action/init@v3
 with:
 languages: c-cpp
@@ -63,7 +63,7 @@ jobs:
 shell: pwsh
 run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
 - name: Perform CodeQL Analysis
- if: ${{ matrix.os }} == 'ubuntu' && ${{ matrix.arch }} == 'x64' && ${{ matrix.link }} == 'shared'
+ if: ${{ matrix.os == 'ubuntu' && matrix.arch == 'x64' && matrix.link == 'shared' }}
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:c-cpp"
From 7977f12e251c7b0b2fd74368d62c8b8e4412f45f Mon Sep 17 00:00:00 2001
From: Nick Banks
Date: Thu, 26 Dec 2024 14:53:25 -0600
Subject: [PATCH 3/6] Fix conditional syntax in build workflow
---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 79203eb..d38be0a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -54,7 +54,7 @@ jobs:
 if: runner.os == 'Windows'
 uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028
 - name: Initialize CodeQL
- if: ${{ matrix.os == 'ubuntu' && matrix.arch == 'x64' && matrix.link == 'shared' }}
+ if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
 uses: github/codeql-action/init@v3
 with:
 languages: c-cpp
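Review bot: The same three-way matrix test is written out twice in patch 2/6, on `Initialize CodeQL` in the first hunk and on `Perform CodeQL Analysis` in the second (@@ -63,7), and the two copies must stay identical. If they drift, either analysis runs without an initialised database or a database is built and never analysed. Consider defining it once at job level under `env:` as `RUN_CODEQL: ${{ matrix.os == 'ubuntu' && matrix.arch == 'x64' && matrix.link == 'shared' }}` and gating both steps with `if: env.RUN_CODEQL == 'true'`. The matrix definition is outside the hunk, so it is worth confirming in a run log that exactly one leg executes both steps; a comparison against a value the matrix never takes would skip the scan without any failure.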
@@ -63,7 +63,7 @@ jobs:
 shell: pwsh
 run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
 - name: Perform CodeQL Analysis
- if: ${{ matrix.os == 'ubuntu' && matrix.arch == 'x64' && matrix.link == 'shared' }}
+ if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:c-cpp"
From a9dc4e79804ebe2ef46160044f32146d51948d62 Mon Sep 17 00:00:00 2001
From: Nick Banks
Date: Thu, 26 Dec 2024 15:03:01 -0600
Subject: [PATCH 4/6] Ignore msquic path in CodeQL analysis
---
 .github/workflows/build.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d38be0a..65742b2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -59,6 +59,9 @@ jobs:
 with:
 languages: c-cpp
 build-mode: manual
+ config: |
+ paths-ignore:
+ - msquic
 - name: Build
 shell: pwsh
 run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
@@ -67,7 +70,6 @@ jobs:
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:c-cpp"
- paths-ignore: msquic/**
 - name: Upload
 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
From d4e4d2b90c7bbd7d3a51ecfce11c77a91ff3f1b6 Mon Sep 17 00:00:00 2001
From: Nick Banks
Date: Thu, 26 Dec 2024 15:11:19 -0600
Subject: [PATCH 5/6] Delete .github/codeql/codeql-config.yml
---
 .github/codeql/codeql-config.yml | 4 ----
 1 file changed, 4 deletions(-)
 delete mode 100644 .github/codeql/codeql-config.yml
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index d37d9e2..0000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-name: "CodeQL config"
-
-paths-ignore:
- - msquic
From 07f87aa18b8b5d882c2780ad4c9a0464a89629da Mon Sep 17 00:00:00 2001
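Review bot: The inline `config` added to `Initialize CodeQL` in patch 4/6 (@@ -59,6) drops `msquic` from the scan without saying why, and an exclusion in a security scan is the line a later reader most needs explained. A comment above `config:` such as `# msquic is excluded because <reason, e.g. where that code is scanned instead>` would record the decision. With `build-mode: manual` the build still compiles whatever `build.ps1` builds, so, as far as I can tell, this setting narrows what is reported rather than what is compiled. Findings inside that directory will then not surface in this repository's alerts, so the code needs coverage elsewhere if it ships in the built artifact.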
From: Nick Banks
Date: Thu, 26 Dec 2024 15:16:52 -0600
Subject: [PATCH 6/6] Update CodeQL action versions in build.yml
---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 65742b2..4734957 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -55,7 +55,7 @@ jobs:
 uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028
 - name: Initialize CodeQL
 if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
 with:
 languages: c-cpp
 build-mode: manual
@@ -67,7 +67,7 @@ jobs:
 run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
 - name: Perform CodeQL Analysis
 if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
 with:
 category: "/language:c-cpp"
 - name: Upload
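Review bot: The two full-SHA pins in patch 6/6 carry no trailing comment naming the release they were taken from, which makes the pin hard to audit and hard to update deliberately. Suggest `uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # <release tag for this commit, placeholder>` in the first hunk and the same comment on the `analyze` line in the second hunk (@@ -67,7). `init` and `analyze` should always point at the same commit, as they do here, so any later bump needs to change both lines together.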