From ce785b70c62d2d88d4cda08af0f7dbcf0707c72f Mon Sep 17 00:00:00 2001
From: Thibault Charbonnier <thibaultcha@me.com>
Date: Tue, 6 Feb 2024 17:38:58 -0800
Subject: [PATCH] chore(ci) ignore test assets directories in CodeQL scans

---
 .github/actions/codeql-config.yml         | 6 ++++++
 .github/workflows/job-codeql-analyzer.yml | 6 ++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .github/actions/codeql-config.yml

diff --git a/.github/actions/codeql-config.yml b/.github/actions/codeql-config.yml
new file mode 100644
index 000000000..05e309048
--- /dev/null
+++ b/.github/actions/codeql-config.yml
@@ -0,0 +1,6 @@
+paths:
+  - src/
+  - lib/
+paths-ignore:
+  - work/
+  - t/
diff --git a/.github/workflows/job-codeql-analyzer.yml b/.github/workflows/job-codeql-analyzer.yml
index 32bf1cd9e..724833866 100644
--- a/.github/workflows/job-codeql-analyzer.yml
+++ b/.github/workflows/job-codeql-analyzer.yml
@@ -40,6 +40,7 @@ jobs:
         uses: github/codeql-action/init@v2
         with:
           languages: ${{ inputs.language }}
+          config-file: ./.github/actions/codeql-config.yml
       - name: 'Setup cache - work/ dir'
         uses: actions/cache@v3
         if: ${{ !env.ACT }}
@@ -69,8 +70,9 @@ jobs:
         uses: advanced-security/filter-sarif@v1
         with:
           patterns: |
-            -**/*     # exclusion: DENY ALL
-            src/**/*  # inclusion
+            -**/*      # exclusion: DENY ALL
+            +src/**/*  # inclusion
+            +lib/**/*  # inclusion
           input: sarif-results/${{ steps.sarif-filename.outputs.name }}.sarif
           output: sarif-results/${{ steps.sarif-filename.outputs.name }}.sarif
       - name: Upload SARIF