CodeQL #179
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: [master] | |
| paths-ignore: | |
| - 'docs/**' | |
| pull_request: | |
| branches: [master] | |
| schedule: | |
| - cron: '0 18 * * 6' | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| packages: read | |
| env: | |
| DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 | |
| DOTNET_CLI_TELEMETRY_OPTOUT: 1 | |
| NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: ['csharp'] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup .NET (9.x) | |
| id: setup-dotnet | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '9.0.x' | |
| source-url: https://nuget.pkg.github.com/Gemstone/index.json | |
| # Setup CodeQL to restore Gemstone packages from GitHub Packages, | |
| # this way the packages are immediately available for analysis. | |
| - name: Write NuGet.config with sources, creds, and mapping | |
| run: | | |
| cat > NuGet.config <<EOF | |
| <?xml version="1.0" encoding="utf-8"?> | |
| <configuration> | |
| <packageSources> | |
| <add key="github" value="https://nuget.pkg.github.com/Gemstone/index.json" /> | |
| <add key="nuget.org" value="https://api.nuget.org/v3/index.json" /> | |
| </packageSources> | |
| <packageSourceCredentials> | |
| <github> | |
| <add key="Username" value="${GITHUB_ACTOR}" /> | |
| <add key="ClearTextPassword" value="${NUGET_AUTH_TOKEN}" /> | |
| </github> | |
| </packageSourceCredentials> | |
| <packageSourceMapping> | |
| <packageSource key="github"> | |
| <package pattern="Gemstone.*" /> | |
| </packageSource> | |
| <packageSource key="nuget.org"> | |
| <package pattern="*" /> | |
| </packageSource> | |
| </packageSourceMapping> | |
| </configuration> | |
| EOF | |
| - name: Pin SDK via global.json | |
| run: echo '{"sdk":{"version":"${{ steps.setup-dotnet.outputs.dotnet-version }}"}}' > global.json | |
| - name: Print SDKs & tree | |
| run: | | |
| dotnet --list-sdks | |
| dotnet --info | |
| ls -la | |
| echo "--- src ---" | |
| ls -la src || true | |
| - name: Initialize CodeQL (manual build) | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| build-mode: manual | |
| queries: security-and-quality | |
| - name: Restore | |
| run: dotnet restore ./src/Gemstone.Threading/Gemstone.Threading.csproj --configfile NuGet.config | |
| - name: Build | |
| run: dotnet build -c Release ./src/Gemstone.Threading/Gemstone.Threading.csproj --no-restore | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 |