From 74f51643c75e024bfee62fc4402ad482a13b25d7 Mon Sep 17 00:00:00 2001
From: Felipe Torrezan <201077479+felipe-iar@users.noreply.github.com>
Date: Sat, 14 Jun 2025 09:13:21 +0200
Subject: [PATCH 1/2] workflow: contextually split the workflow
---
 .github/workflows/ci.yml | 19 ++---------------
 .github/workflows/codeql.yml | 41 ++++++++++++++++++++++++++++++++++++
 README.md | 2 +-
 3 files changed, 44 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b0f9538..07e64a3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,6 +2,8 @@ name: CI
 on:
 push:
+ paths-ignore:
+ - 'README.md'
 workflow_dispatch:
 schedule:
 - cron: '20 16 * * *'
@@ -17,11 +19,6 @@ jobs:
 name: Build tutorial
 runs-on: ubuntu-24.04
 container: ghcr.io/iarsystems/arm
- permissions:
- security-events: write
- actions: read
- contents: read
- packages: read
 steps:
 - name: Checkout project
 uses: actions/checkout@v4
@@ -33,15 +30,3 @@ jobs:
 - name: CMake - Build
 working-directory: tutorial
 run: cmake --build build --verbose
-
- - name: IAR C-STAT Static Analysis
- working-directory: tutorial
- run: |
- ichecks --all --output build/checks.manifest
- icstat --checks build/checks.manifest --db build/cstat.db --sarif_dir build analyze -- iccarm tutorial.c
-
- - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: tutorial/build/tutorial.c.sarif
- category: cstat-analysis
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..756de0c
--- /dev/null
+++ b/.github/workflows/codeql.yml
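Review bot: Dropping the whole `permissions:` block from the `tutorial` job (the `-17,11` hunk of ci.yml) leaves the build job on the repository's default `GITHUB_TOKEN` scopes, which may be read/write depending on repository or organization settings. Only the SARIF-related scopes (`security-events: write`, `actions: read`) are needed in codeql.yml; the build job still checks out the code and pulls `ghcr.io/iarsystems/arm`, so I would keep an explicit read-only block on it: `permissions:` with `contents: read`, plus `packages: read` if the container image requires it. The lines between the first and second hunk are not shown, so a workflow-level `permissions:` key may already exist there; if it does, this note is moot.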
@@ -0,0 +1,41 @@
+name: Code Analysis
+
+on:
+ push:
+ paths-ignore:
+ - 'README.md'
+ workflow_dispatch:
+ schedule:
+ - cron: '30 16 * * *'
+
+# Set a new GitHub Actions Secret named IAR_LMS_BEARER_TOKEN
+# for your repository. The secret is then propagated to an
+# Environment variable used for all jobs within this workflow
+env:
+ IAR_LMS_BEARER_TOKEN: ${{ secrets.IAR_LMS_BEARER_TOKEN }}
+
+jobs:
+ tutorial:
+ name: Analyze tutorial
+ runs-on: ubuntu-24.04
+ container: ghcr.io/iarsystems/arm
+ permissions:
+ security-events: write
+ actions: read
+ contents: read
+ packages: read
+ steps:
+ - name: Checkout project
+ uses: actions/checkout@v4
+
+ - name: IAR C-STAT Static Analysis
+ working-directory: tutorial
+ run: |
+ ichecks --all --output build/checks.manifest
+ icstat --checks build/checks.manifest --db build/cstat.db --sarif_dir build analyze -- iccarm tutorial.c
+
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: tutorial/build/tutorial.c.sarif
+ category: cstat-analysis
diff --git a/README.md b/README.md
index e788ffb..7c2522c 100644
--- a/README.md
+++ b/README.md
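Review bot: `IAR_LMS_BEARER_TOKEN` is exported in the workflow-level `env:`, so every step of the job receives the secret, including the `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3` steps, which presumably do not need it. Scope it to the step that runs the IAR tools by moving the mapping under `IAR C-STAT Static Analysis`, i.e. `env:` followed by `IAR_LMS_BEARER_TOKEN: ${{ secrets.IAR_LMS_BEARER_TOKEN }}`, and update the comment above it, which currently says the variable is used for all jobs. Both actions are referenced by mutable tag and the `ghcr.io/iarsystems/arm` image carries no tag or digest at all; pinning the actions to a full commit SHA and the image to a digest would keep a retagged upstream from running in a job that holds `security-events: write` and the license token.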
@@ -1,6 +1,6 @@
 # Building CMake projects with IAR
-[![CI](https://github.com/iarsystems/cmake-tutorial/actions/workflows/ci.yml/badge.svg)](https://github.com/iarsystems/cmake-tutorial/actions/workflows/ci.yml)
+[![CI](https://github.com/iarsystems/cmake-tutorial/actions/workflows/ci.yml/badge.svg)](https://github.com/iarsystems/cmake-tutorial/actions/workflows/ci.yml) [![Code Analysis](https://github.com/iarsystems/cmake-tutorial/actions/workflows/codeql.yml/badge.svg)](https://github.com/iarsystems/cmake-tutorial/actions/workflows/codeql.yml)
 CMake is an open-source, cross-platform family of tools maintained and supported by Kitware. Among its many features, it essentially provides [Makefile Generators](https://cmake.org/cmake/help/latest/manual/cmake-generators.7.html#id11) and [Ninja Generators](https://cmake.org/cmake/help/latest/manual/cmake-generators.7.html#id12) which compose scripts for cross-compiling C/C++ embedded software projects based on one or more `CMakeLists.txt` configuration files.
From 5fa73cc8223942b8371339d4c2c5a2c485b8f622 Mon Sep 17 00:00:00 2001
From: Felipe Torrezan <201077479+felipe-iar@users.noreply.github.com>
Date: Sat, 14 Jun 2025 09:15:15 +0200
Subject: [PATCH 2/2] Fix paths for the working directory
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 756de0c..1331d4d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,11 +31,11 @@ jobs:
 - name: IAR C-STAT Static Analysis
 working-directory: tutorial
 run: |
- ichecks --all --output build/checks.manifest
- icstat --checks build/checks.manifest --db build/cstat.db --sarif_dir build analyze -- iccarm tutorial.c
+ ichecks --all --output checks.manifest
+ icstat --checks checks.manifest --db cstat.db --sarif_dir . analyze -- iccarm tutorial.c
 - name: Upload SARIF
 uses: github/codeql-action/upload-sarif@v3
 with:
- sarif_file: tutorial/build/tutorial.c.sarif
+ sarif_file: tutorial/tutorial.c.sarif
 category: cstat-analysis