Run codeql anaysis on all platforms

Add codeql to esp32-build.yaml workflow
Add codeql to pico-build.yaml workflow
Add codeql to stm32-build.yaml workflow
Add codeql to wasm-build.yaml workflow

Signed-off-by: Winford <[email protected]>

.github/workflows/esp32-build.yaml

@@ -37,6 +37,7 @@ jobs:
 
       matrix:
         esp-idf-target: ["esp32", "esp32c3"]
+        language: ['cpp']
         idf-version:
          - 'v5.0.7'
          - 'v5.1.5'
@@ -53,6 +54,13 @@ jobs:
     - name: Checkout repo
       uses: actions/checkout@v4
 
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build with idf.py
       shell: bash
       working-directory: ./src/platforms/esp32/
@@ -69,6 +77,9 @@ jobs:
         . $IDF_PATH/export.sh
         idf.py size-components
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Install dependencies to build host AtomVM and run qemu
       run: |
         set -eu

.github/workflows/pico-build.yaml

@@ -37,6 +37,7 @@ jobs:
     strategy:
       matrix:
         board: ["pico", "pico_w"]
+        language: ["cpp"]
 
     steps:
     - name: Checkout repo
@@ -48,6 +49,13 @@ jobs:
     - name: "Install deps"
       run: sudo apt install -y cmake gperf ninja-build gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib erlang-base erlang-dialyzer
 
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build
       shell: bash
       working-directory: ./src/platforms/rp2040/
@@ -58,6 +66,9 @@ jobs:
         cmake .. -G Ninja -DPICO_BOARD=${{ matrix.board }}
         ninja
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Install nvm and nodejs 20
       run: |
         set -euo pipefail

.github/workflows/stm32-build.yaml

@@ -63,6 +63,13 @@ jobs:
     - name: Checkout repo
       uses: actions/checkout@v4
 
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: 'cpp'
+        mode: manual
+        queries: +./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql
+
     - name: Build
       shell: bash
       working-directory: ./src/platforms/stm32/
@@ -73,3 +80,6 @@ jobs:
         # -DAVM_WARNINGS_ARE_ERRORS=ON
         cmake .. -DCMAKE_TOOLCHAIN_FILE=cmake/arm-toolchain.cmake -DLIBOPENCM3_DIR=/home/runner/libopencm3
         make -j
+
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3

.github/workflows/wasm-build.yaml

@@ -33,13 +33,31 @@ jobs:
   compile_tests:
     runs-on: ubuntu-24.04
     container: erlang:27
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["cpp", "javascript"]
+        include:
+        - language: "cpp"
+          query: "+./code-queries/term-to-non-term-func.ql,./code-queries/non-term-to-term-func.ql"
+        - language: "javascript"
+          query: ""
+
     steps:
     - name: Checkout repo
       uses: actions/checkout@v4
 
     - name: Install required packages
       run: apt update && apt install -y gperf zlib1g-dev cmake ninja-build
 
+    - name: "Initialize CodeQL"
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{matrix.language}}
+        mode: manual
+        queries: ${{matrix.query}}
+
     - name: Compile AtomVM and test modules
       run: |
         set -e
@@ -49,6 +67,9 @@ jobs:
         # test_eavmlib does not work with wasm due to http + ssl test
         ninja AtomVM atomvmlib test_alisp hello_world run_script call_cast html5_events wasm_webserver
 
+    - name: "Perform CodeQL Analysis"
+      uses: github/codeql-action/analyze@v3
+
     - name: Upload AtomVM and test modules
       uses: actions/upload-artifact@v4
       with:

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Added the ability to run beams from the CLI for Generic Unix platform (it was already possible with nodejs and emscripten).
 - Added preliminary support for ESP32P4 (no networking support yet).
+- CodeQL action runs on all platforms
 
 ### Fixed