added initial prototype CodeQL SAST Github Actions workflow

.github/workflows/codeql.yml

@@ -0,0 +1,54 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+
+name: "CodeQL"
+
+on:
+  # push:
+  #   branches: [ "develop" ]
+  pull_request:
+    branches: [ "develop" ]
+
+jobs:
+  analyze:
+    name: CodeQL Analyze
+    runs-on: [self-hosted, triloamd01]
+    # timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+    #    queries: +security-extended
+
+
+    # Turning off tests to reduce build time and to only scan relevant source code
+    # Turning off Krino package due to build errors associated with turning off tests
+    - run: |
+        bash -l -c "./packages/framework/get_dependencies.sh --container"
+        bash -l -c "mkdir -p trilinos_build && cd trilinos_build; source ../packages/framework/GenConfig/gen-config.sh rhel8_gcc-openmpi_debug_shared_no-kokkos-arch_no-asan_complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_all-no-epetra .."
+        bash -l -c "cd trilinos_build ; cmake -G Ninja -DTrilinos_ENABLE_TESTS=OFF -DTrilinos_ENABLE_Krino=OFF .."
+        bash -l -c "cd trilinos_build ; ninja"
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
+

packages/framework/ini-files/config-specs.ini

@@ -2861,6 +2861,7 @@ opt-set-cmake-var CMAKE_CXX_FLAGS                                            STR
 
 opt-set-cmake-var TPL_ENABLE_SuperLU BOOL FORCE: OFF
 
+opt-set-cmake-var SEACASAprepro_lib_aprepro_lib_array_test_DISABLE BOOL : ON
 
 use GCC_PACKAGE_SPECIFIC_WARNING_FLAGS
 
@@ -2871,6 +2872,10 @@ use RHEL8_POST
 use rhel8_gcc-openmpi_debug_shared_no-kokkos-arch_no-asan_complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
 use PACKAGE-ENABLES|ALL
 
+[rhel8_gcc-openmpi_debug_shared_no-kokkos-arch_no-asan_complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_all-no-epetra]
+use rhel8_gcc-openmpi_debug_shared_no-kokkos-arch_no-asan_complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
+use PACKAGE-ENABLES|ALL-NO-EPETRA
+
 [rhel8_oneapi-intelmpi_release-debug_shared_no-kokkos-arch_no-asan_no-complex_fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_all]
 use BUILD-TYPE|RELEASE-DEBUG
 use KOKKOS-ARCH|NO-KOKKOS-ARCH