From 9718a3d42584cbf39e88ee7fef712cf70b78424e Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 5 Mar 2026 14:48:02 -0500 Subject: [PATCH 1/4] codeql repro: use windows-2022 and manual msbuild --- .github/workflows/codeql.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 64e890bdc..5f2143888 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,7 +15,7 @@ permissions: jobs: analyze: name: Analyze (${{ matrix.language }}) - runs-on: windows-latest + runs-on: windows-2022 permissions: packages: read actions: read @@ -27,7 +27,7 @@ jobs: matrix: include: - language: c-cpp - build-mode: autobuild + build-mode: manual steps: - name: Harden Runner uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 @@ -52,8 +52,12 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - - name: Autobuild - uses: github/codeql-action/autobuild@c793b717bc78562f491db7b0e93a3a178b099162 # v3.29.5 + - name: Build for CodeQL + shell: pwsh + run: | + $vsPath = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -requires Microsoft.Component.MSBuild -property installationPath + $msbuildPath = Join-Path $vsPath "MSBuild\Current\Bin\amd64\msbuild.exe" + & $msbuildPath /m /p:Configuration=Release_Unicode /p:Platform=x64 MFCMapi.sln - name: Perform CodeQL Analysis id: analyze From 06d8189409caff0fb9e9a569f5b4de3dcc4b2479 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 5 Mar 2026 15:46:20 -0500 Subject: [PATCH 2/4] codeql repro: revert runner to windows-latest --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5f2143888..5f0401ff5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,7 +15,7 @@ permissions: jobs: analyze: name: Analyze (${{ matrix.language }}) - runs-on: windows-2022 + runs-on: windows-latest permissions: packages: read actions: read From bf96df6aaff9f5a39ba17b37caa414bb95db2643 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Thu, 5 Mar 2026 16:14:20 -0500 Subject: [PATCH 3/4] update script --- .github/workflows/codeql.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5f0401ff5..54fda134e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -39,6 +39,9 @@ jobs: with: submodules: 'recursive' + - name: Setup MSBuild + uses: microsoft/setup-msbuild@v2 + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v3.29.5 @@ -53,11 +56,7 @@ jobs: # queries: security-extended,security-and-quality - name: Build for CodeQL - shell: pwsh - run: | - $vsPath = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -requires Microsoft.Component.MSBuild -property installationPath - $msbuildPath = Join-Path $vsPath "MSBuild\Current\Bin\amd64\msbuild.exe" - & $msbuildPath /m /p:Configuration=Release_Unicode /p:Platform=x64 MFCMapi.sln + run: msbuild /m /p:Configuration=Release_Unicode /p:Platform=x64 MFCMapi.sln - name: Perform CodeQL Analysis id: analyze From 107435d42deac45e1a87fc8fb9c91b25267910c3 Mon Sep 17 00:00:00 2001 From: Stephen Griffin Date: Fri, 6 Mar 2026 08:38:11 -0500 Subject: [PATCH 4/4] get logs --- .github/workflows/codeql.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 54fda134e..669bb4d97 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -64,6 +64,37 @@ jobs: with: category: "/language:${{matrix.language}}" + - name: Collect CodeQL Troubleshooting Logs + if: always() + shell: pwsh + run: | + $outputDir = Join-Path $env:RUNNER_TEMP "codeql-troubleshooting" + New-Item -Path $outputDir -ItemType Directory -Force | Out-Null + + $sourceRoots = @( + (Join-Path $env:RUNNER_TEMP "codeql_databases"), + (Join-Path $env:RUNNER_TEMP "_github_workflow") + ) + + $patterns = @("*.log", "*.txt", "*.json") + + foreach ($root in $sourceRoots) { + if (Test-Path $root) { + foreach ($pattern in $patterns) { + Get-ChildItem -Path $root -Recurse -File -Filter $pattern -ErrorAction SilentlyContinue | + Copy-Item -Destination $outputDir -Force -ErrorAction SilentlyContinue + } + } + } + + - name: Upload CodeQL Troubleshooting Logs + if: always() + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + with: + name: codeql-troubleshooting-logs + path: ${{ runner.temp }}/codeql-troubleshooting + if-no-files-found: warn + - name: Upload CodeQL Analysis Results uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: