
Add CodeQL workflow for security analysis#2

Merged
Chris-Wolfgang merged 11 commits into main from Chris-Wolfgang-patch-1 on Feb 1, 2026

Conversation

@Chris-Wolfgang (Owner)

Description

Fixes/Complete # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Refactor

How Has This Been Tested?

  • Test A
  • Test B

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Screenshots (if applicable)

Additional context

Copilot AI review requested due to automatic review settings February 1, 2026 03:10
Copilot AI (Contributor) left a comment


Pull request overview

This PR adds a GitHub Actions workflow for CodeQL security analysis to enable automated code scanning for security vulnerabilities. The workflow is configured to run on pushes and pull requests to the main and develop branches, as well as on a weekly schedule.

Changes:

  • Added CodeQL workflow configuration for C# security analysis with scheduled scans

Comment on lines 5 to 7
branches: [ "main", "develop" ]
pull_request:
branches: [ "main", "develop" ]
Copilot AI, Feb 1, 2026:

The workflow lacks the paths-ignore configuration that exists in pr.yaml (lines 16-18). The pr.yaml workflow ignores changes to Markdown files and documentation (**.md and docs/**) to avoid unnecessary workflow runs. Consider adding the same paths-ignore configuration to prevent CodeQL from running when only documentation is updated, which would save CI resources and reduce workflow execution time.

Suggested change
branches: [ "main", "develop" ]
pull_request:
branches: [ "main", "develop" ]
branches: [ "main", "develop" ]
paths-ignore:
- '**.md'
- 'docs/**'
pull_request:
branches: [ "main", "develop" ]
paths-ignore:
- '**.md'
- 'docs/**'
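Review bot: filtering both push: and pull_request: with paths-ignore: '**.md' and 'docs/**' means the CodeQL check never reports on a documentation-only pull request; if CodeQL is a required status check for main, such a pull request shows the check as pending and cannot be merged. Either keep these two triggers unfiltered if the check is required, or do not make it required. The schedule: trigger is unaffected either way, so the weekly scan of main still runs.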

Comment on lines 26 to 47
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.x

- name: Restore dependencies
run: dotnet restore

- name: Build
run: dotnet build --no-restore --configuration Release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
Copilot AI, Feb 1, 2026:

Inconsistent YAML indentation. The steps list items should be indented with 6 spaces to align with the convention used in other workflows in this repository (see pr.yaml line 29, release.yaml line 16, docfx.yaml line 18). Currently, the step items appear to be indented with only 4 spaces, which while syntactically valid, deviates from the established codebase pattern.

Chris-Wolfgang (Owner, Author):

@copilot format file correctly

Chris-Wolfgang (Owner, Author):

@copilot open a new pull request to apply changes based on this feedback

Comment on lines 1 to 47
name: "CodeQL"

on:
push:
branches: [ "main", "develop" ]
pull_request:
branches: [ "main", "develop" ]
schedule:
- cron: '30 1 * * 0' # Weekly scan on Sundays

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'csharp' ]

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.x

- name: Restore dependencies
run: dotnet restore

- name: Build
run: dotnet build --no-restore --configuration Release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
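Review bot: all four uses: references under steps: (actions/checkout@v4, github/codeql-action/init@v3, actions/setup-dotnet@v4, github/codeql-action/analyze@v3) point at mutable tags; pin each to a full-length commit SHA, with the tag kept in a trailing comment for readability, so that a moved or compromised tag cannot change what runs in a job holding security-events: write. The permissions: block is otherwise correctly minimal: contents: read is enough for the checkout and build, and security-events: write is only what the analyze step needs to upload results.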
Copilot AI, Feb 1, 2026:

The file is placed in an incorrect directory path. It should be located at .github/workflows/codeql.yml instead of .github/workflows/.github/workflows/codeql.yml. The nested .github/workflows/ structure will prevent GitHub Actions from discovering and running this workflow. Workflow files must be directly in the .github/workflows/ directory to be executed.

Suggested change
name: "CodeQL"
on:
push:
branches: [ "main", "develop" ]
pull_request:
branches: [ "main", "develop" ]
schedule:
- cron: '30 1 * * 0' # Weekly scan on Sundays
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'csharp' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: |
8.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore --configuration Release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
# This file is intentionally left blank.
# The active CodeQL workflow should be located at:
# .github/workflows/codeql.yml
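Review bot: the suggested change turns the misplaced .github/workflows/.github/workflows/codeql.yml into a comment-only placeholder (the three # lines at the end) instead of removing it; GitHub never reads that path, so the file only leaves a second copy to drift out of sync with the real one. Delete it (git rm) and add the workflow at .github/workflows/codeql.yml in the same commit, then check that the Actions tab lists a "CodeQL" workflow before relying on it as a status check.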

Chris-Wolfgang (Owner, Author):

@copilot move file to correct path
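An added audit script, not part of this PR or of the project's own code, that applies two of the points a reviewer would raise on the workflow quoted in this thread: it flags every `uses:` reference that is not pinned to a full commit SHA and reads back the `permissions:` block so the token scopes can be checked. It embeds the 47-line workflow exactly as quoted above. It assumes a stdlib-only environment and uses a line scanner rather than a YAML parser, so only `uses:` and `permissions:` lines are interpreted; the `Finding` type, the function names and the message texts are this example's own.

```python
"""Audit a GitHub Actions workflow for two supply-chain hygiene points a
reviewer would raise on a CodeQL job: actions referenced by a mutable tag
instead of a full commit SHA, and the GITHUB_TOKEN scopes the job requests.
Stdlib only: the checks only need the `uses:` and `permissions:` lines,
so a line scanner is enough and no YAML library is required."""
import re
from dataclasses import dataclass

# The workflow exactly as quoted in the review thread on this PR (47 lines).
CODEQL_WORKFLOW = """\
name: "CodeQL"

on:
  push:
    branches: [ "main", "develop" ]
  pull_request:
    branches: [ "main", "develop" ]
  schedule:
    - cron: '30 1 * * 0' # Weekly scan on Sundays

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'csharp' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            8.0.x

      - name: Restore dependencies
        run: dotnet restore

      - name: Build
        run: dotnet build --no-restore --configuration Release

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@'\"\s]+)@([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PERM_RE = re.compile(r"^(\s*)([a-z-]+):\s*(read|write|none)\s*$")


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the workflow text
    message: str


def find_unpinned_actions(workflow_text):
    """One Finding per `uses:` whose ref is not a 40-hex commit SHA.
    Local (./path) and docker:// references are skipped: they are not
    pinned by a git ref the same way."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if action.startswith(("./", "docker://")):
            continue
        if not SHA_RE.match(ref):
            findings.append(Finding(lineno, f"{action}@{ref}: mutable ref, pin to a commit SHA"))
    return findings


def collect_permissions(workflow_text):
    """Map scope -> level for the `permissions:` blocks in the workflow.
    A blanket `permissions: read-all` / `write-all` is recorded under '*'."""
    perms = {}
    in_block, block_indent = False, None
    for line in workflow_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("permissions:"):
            level = stripped[len("permissions:"):].strip()
            if level:                      # inline form: permissions: read-all
                perms["*"] = level
                in_block = False
            else:                          # mapping form: indented scopes follow
                in_block, block_indent = True, None
            continue
        if not in_block or not stripped:   # blank lines do not end the mapping
            continue
        m = PERM_RE.match(line)
        indent = len(m.group(1)) if m else -1
        if m and block_indent in (None, indent):
            block_indent = indent
            perms[m.group(2)] = m.group(3)
        else:                              # any other key ends the mapping
            in_block = False
    return perms


def audit(workflow_text):
    """Messages a reviewer could paste into the PR, in file order."""
    msgs = [f"line {f.line}: {f.message}" for f in find_unpinned_actions(workflow_text)]
    perms = collect_permissions(workflow_text)
    if not perms:
        msgs.append("no permissions block: the job inherits the repository default token scopes")
    if perms.get("*") == "write-all" or perms.get("contents") == "write":
        msgs.append("contents: write is broader than a scanning job needs")
    return msgs


if __name__ == "__main__":
    for msg in audit(CODEQL_WORKFLOW):
        print(msg)
```

Run as a script it prints one line per unpinned action for the quoted file (four of them) and nothing about permissions, since the block is already read-only apart from security-events. A `uses:` line whose ref is a 40-character hex SHA passes the pin check, a workflow with no `permissions:` block at all is reported because the job would then inherit the repository's default token scopes, and `audit` can be imported into a pre-commit hook to gate new workflow files.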

Chris-Wolfgang and others added 3 commits January 31, 2026 22:23
Restrict CodeQL workflow to only the 'main' branch for push and pull request events.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI (Contributor) commented Feb 1, 2026:

@Chris-Wolfgang I've opened a new pull request, #3, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI (Contributor) commented Feb 1, 2026:

@Chris-Wolfgang I've opened a new pull request, #4, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Feb 1, 2026
Copilot AI and others added 5 commits February 1, 2026 03:29
Co-authored-by: Chris-Wolfgang <210299580+Chris-Wolfgang@users.noreply.github.com>
Co-authored-by: Chris-Wolfgang <210299580+Chris-Wolfgang@users.noreply.github.com>
Fix YAML indentation in CodeQL workflow to match repository convention
Copilot AI (Contributor) commented Feb 1, 2026:

@Chris-Wolfgang I've opened a new pull request, #5, to work on those changes. Once the pull request is ready, I'll request review from you.

Chris-Wolfgang merged commit ac1ab4b into main on Feb 1, 2026
5 of 8 checks passed
Chris-Wolfgang deleted the Chris-Wolfgang-patch-1 branch on February 1, 2026 at 03:55
Copilot AI added a commit that referenced this pull request Feb 2, 2026
Co-authored-by: Chris-Wolfgang <210299580+Chris-Wolfgang@users.noreply.github.com>
Chris-Wolfgang added a commit that referenced this pull request Feb 2, 2026
…ols-and-editorconfig

Complete Step #2: Static Code Analysis - Add missing banned APIs and fix build

3 participants