combine pr and push analysis files to remove warning about not having on.push trigger. include script changes and file change for testing

Author: jacob-ronstadt

.github/scripts/Build-ChangedSamples.ps1

@@ -25,12 +25,12 @@ foreach ($file in $ChangedFiles) {
     if ($filename -eq "Build-AllSamples.ps1" -or $filename -eq "Build-Sample.ps1" -or $filename -eq "Build-SampleSet.ps1" -or $filename -eq "exclusions.csv" -or $filename -eq "Directory.Build.props" -or $filename -eq "packages.config") {
         $buildAll = $true
     }
-    if ($dir -like "$root\.github\scripts" -or $dir -like "$root\.github\scripts\*") {
-        $buildAll = $true
-    }
-    if ($dir -like "$root\.github\workflows" -or $dir -like "$root\.github\workflows\*") {
-        $buildAll = $true
-    }
+    # if ($dir -like "$root\.github\scripts" -or $dir -like "$root\.github\scripts\*") {
+    #     $buildAll = $true
+    # }
+    # if ($dir -like "$root\.github\workflows" -or $dir -like "$root\.github\workflows\*") {
+    #     $buildAll = $true
+    # } // Testing. Uncomment this when done
     if ($buildAll)
     {
         Write-Verbose "`u{2754} Full build triggered by change in file $file"

.github/workflows/Code-Scanning-pr.yml

@@ -11,13 +11,22 @@ on:
     paths-ignore:
       - '**.md'
       - 'LICENSE'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - main
+      - develop
+    paths-ignore:
+      - '**.md'
+      - 'LICENSE'
 
   # Allow manual scheduling
   workflow_dispatch:
 
 jobs:
-  analyze:
-    name: Analysis
+  analyze-push:
+    name: Analysis-Push
+    if: github.event_name == 'push'
     runs-on: windows-latest
     permissions:
       actions: read
@@ -54,3 +63,46 @@ jobs:
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"
+  analyze-pr:
+    name: Analysis-PR
+    if: github.event_name == 'pull_request'
+    runs-on: windows-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: c-cpp
+          build-mode: manual
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - name: Install Nuget Packages
+        run: nuget restore .\packages.config -PackagesDirectory .\packages\
+      - name: Get changed files
+        id: get-changed-files
+        uses: tj-actions/changed-files@v41
+        with:
+          separator: ","
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          config-file: microsoft/Windows-Driver-Developer-Supplemental-Tools/config/codeql-config.yml@development
+          packs: +microsoft/windows-drivers@1.2.0-beta
+      - if: matrix.build-mode == 'manual'
+        run: |
+          $changedFiles = "${{ steps.get-changed-files.outputs.all_changed_files }}".Split(',')
+          .\.github\scripts\Build-ChangedSamples.ps1 -ChangedFiles $changedFiles -Verbose
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/Code-Scanning.yml

@@ -33,7 +33,7 @@ Module Name:
 #pragma alloc_text (PAGE, DispatchPnp)
 #pragma alloc_text (PAGE, DriverUnload)
 #endif
-
+// test changing file for workflow update
 NTSTATUS
 DriverEntry(
     _In_ PDRIVER_OBJECT  DriverObject,