Skip to content

CodeQL

CodeQL #2500

Workflow file for this run

# As per documentation at https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#avoiding-unnecessary-scans-of-pull-requests
# For CodeQL code scanning workflow files, don't use the paths-ignore or paths keywords with the on:push event
# as this is likely to cause missing analyses. For accurate results, CodeQL code scanning needs to be able to
# compare new changes with the analysis of the previous commit.
name: "CodeQL"
on:
workflow_dispatch:
push:
branches: [ main ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 0 * * 0' # Once a week: "At 00:00 on Sunday."
permissions:
security-events: write
defaults:
run:
shell: pwsh
jobs:
analyze:
name: CodeQL analyze
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'csharp' ]
runs-on: ubuntu-latest
env:
SLN_FILEPATH : ${{ github.workspace }}/DotNet.Sdk.Extensions.sln
steps:
- name: Dump github context for debug purposes
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: $env:GITHUB_CONTEXT
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v3
with:
dotnet-version: |
6.0.x
global-json-file: global.json
- name: Cache/Restore NuGets
uses: actions/cache@v3
with:
path:
~/.nuget/packages
key: ${{ runner.os }}-nuget-
restore-keys: |
${{ runner.os }}-nuget-
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: security-and-quality
- name: Restore dependencies
run: dotnet restore ${{ env.SLN_FILEPATH }}
- name: Build
run: dotnet build ${{ env.SLN_FILEPATH }} -c Release -warnaserror --no-restore --no-incremental
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Upload SARIF file
uses: actions/upload-artifact@v3
with:
name: csharp-sarif
path: ${{runner.workspace}}/results/csharp.sarif