From 4a130b8c3f9beaad074e7689b6f5aa772269560e Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Sun, 21 Jul 2024 10:23:25 +0100
Subject: [PATCH] Add CodeQL (#1143)
* Add CodeQL
- Add a workflow to run CodeQL.
- Add setup-node to build.
---
.github/workflows/build.yml | 5 +++
.github/workflows/code-scan.yml | 59 +++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 .github/workflows/code-scan.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1235d06a..17fe9be1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,6 +46,11 @@ jobs:
 - name: Setup .NET SDK
 uses: actions/setup-dotnet@v4
+ - name: Setup Node uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
 - name: Build, Test and Publish
 shell: pwsh
 run: ./build.ps1
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
new file mode 100644
index 00000000..656faf71
--- /dev/null
+++ b/.github/workflows/code-scan.yml
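Review bot: The new Setup Node step references `actions/setup-node@v4`, a floating major tag, so the build toolchain now resolves to whatever the upstream maintainers later publish under that tag; pinning to a full-length commit SHA with a trailing `# v4` comment keeps the resolution fixed while Dependabot can still propose bumps. The same applies to `actions/setup-dotnet@v4` on the context line above and to every `uses:` in the code-scan.yml hunk, where the `github/codeql-action/*@v3` steps are the ones that run with `security-events: write`. `node-version: '20'` is also duplicated verbatim in code-scan.yml; if the repository carries an `.nvmrc` or an `engines` field in `package.json`, `node-version-file` would let both workflows follow a single source instead of two hard-coded copies.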
@@ -0,0 +1,59 @@
+name: code-scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches:
+ - main
+ - dotnet-vnext
+ - dotnet-nightly
+ schedule:
+ - cron: '0 6 * * 1'
+
+permissions:
+ actions: read
+ contents: read
+
+jobs:
+ code-ql:
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'csharp', 'javascript' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup .NET SDK
+ uses: actions/setup-dotnet@v4
+
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-and-quality
+ config: |
+ name: 'dotnet-minimal-api-integration-testing CodeQL configuration'
+ paths-ignore:
+ - 'src/TodoApp/wwwroot/swagger-ui'
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: '/language:${{ matrix.language }}'
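Review bot: The job-level `permissions:` block under `code-ql` lists only `security-events: write`, and a job-level block replaces the workflow-level one rather than extending it, so inside this job the token carries neither `actions: read` nor `contents: read` even though both are declared at the top of the file. On a public repository the checkout and the SARIF upload appear to work without those reads, but the CodeQL action documents both as required for private repositories, and the top-level declaration then gives a false impression of what the job actually holds. Either move all three scopes into the job block, `actions: read`, `contents: read`, `security-events: write`, or drop the workflow-level block so the effective grant is visible in one place. A smaller point of style: `push.branches` is written in flow style `[ main ]` while `pull_request.branches` is a block list; using one form for both keeps the trigger section easier to scan.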