Merge pull request #103 from FusionAuth/mike/bump-swift-6.2-xcode-26.0.1 #481
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Security and Code-Quality scan with CodeQL - Quickstart Sample" | |
| on: | |
| # Triggers the workflow on push events but only for default and protected branches | |
| push: | |
| branches: [ "main" ] | |
| # Triggers the workflow on pull request events but only for default and protected branches | |
| pull_request: | |
| branches: [ "main" ] | |
| # Triggers the workflow on a schedule every Monday at 6:36 AM | |
| schedule: | |
| - cron: '36 6 * * 1' | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| # Triggers the workflow when it is called from another workflow | |
| workflow_call: | |
| jobs: | |
| analyze: | |
| name: CodeQL Scan (${{ matrix.language }}) | |
| # Runner size impacts CodeQL analysis time. To learn more, please see: | |
| # - https://gh.io/recommended-hardware-resources-for-running-codeql | |
| # - https://gh.io/supported-runners-and-hardware-resources | |
| # - https://gh.io/using-larger-runners (GitHub.com only) | |
| # Consider using larger runners or machines with greater resources for possible analysis time improvements. | |
| #runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | |
| #runs-on: [ self-hosted, macos ] | |
| runs-on: [ 'macos-15' ] | |
| #timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} | |
| timeout-minutes: 120 | |
| permissions: | |
| # required for all workflows | |
| security-events: write | |
| # required to fetch internal or private CodeQL packs | |
| packages: read | |
| # only required for workflows in private repositories | |
| actions: read | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # https://github.com/swiftlang/swift/releases | |
| swift: [ "6.1.0" ] | |
| # https://developer.apple.com/documentation/xcode-release-notes | |
| xcode: [ "26.0.1" ] | |
| language: [ swift ] | |
| build-mode: [ manual ] | |
| destination: | |
| - "platform=iOS Simulator,OS=26.0.1,name=iPhone 17" | |
| # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, | |
| # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. | |
| # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how | |
| # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages | |
| steps: | |
| # Initialize the latest version of Xcode. | |
| - name: Initialize latest xcode | |
| uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 | |
| with: | |
| xcode-version: ${{ matrix.xcode }} | |
| # Remove any other Xcode version. | |
| - name: Remove old xcode versions | |
| run: | | |
| echo "Searching for Xcode versions:" | |
| find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1 | |
| echo "Removing old Xcode versions..." | |
| find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1 | grep -v ${{ matrix.xcode }} | xargs rm -rf | |
| echo "Available Xcode versions after removal:" | |
| find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1 | |
| # Initialize Swift in the matrix specified version. | |
| - name: Initialize Swift | |
| uses: swift-actions/setup-swift@682457186b71c25a884c45c06f859febbe259240 # v2.3.0 | |
| with: | |
| swift-version: ${{ matrix.swift }} | |
| # Get the Swift version. | |
| - name: Get swift version | |
| run: swift --version | |
| # Checkout the repository. | |
| - name: Checkout repository | |
| uses: actions/[email protected] | |
| # Initialize CodeQL. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/[email protected] | |
| with: | |
| languages: ${{ matrix.language }} | |
| build-mode: ${{ matrix.build-mode }} | |
| # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | |
| # queries: security-extended,security-and-quality | |
| queries: security-and-quality | |
| config-file: .github/codeql/codeql-samples-config.yml | |
| # ℹ️ Command-line programs to run using the OS shell. | |
| # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | |
| # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). | |
| # If this step fails, then you should remove it and run the build manually (see below) | |
| # - name: Autobuild | |
| # uses: github/codeql-action/[email protected] | |
| # Check Disk Space before the build. | |
| - name: Check Disk Space | |
| run: | | |
| sleep 10 | |
| df -h | |
| - name: List available simulators | |
| run: xcodebuild -showdestinations -scheme fusionauth-quickstart-swift-ios-native-swift-6 | |
| # Perform the build manually. | |
| - name: Manual Build | |
| run: set -o pipefail && xcodebuild -workspace FusionAuthSDK.xcworkspace/ -scheme fusionauth-quickstart-swift-ios-native-swift-6 -destination "${{matrix.destination}}" -skipPackagePluginValidation -parallel-testing-enabled NO | |
| # Perform CodeQL Analysis if the build succeeded or failed. | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/[email protected] | |
| if: success() || failure() | |
| with: | |
| category: "/language:${{matrix.language}}" |