Combine CodeQL and build workflows, add contents:write permission (#12)
## Summary
- Merge CodeQL analysis steps back into the main dotnet.yml workflow
- Remove separate codeql.yml file that was causing the split
- Add job-level permissions including contents:write required for
release uploads
- Fix NUGET_KEY reference to NUGET_API_KEY
- Fix matrix.language reference to hardcoded csharp value
## Changes
- Combined both workflows into single dotnet.yml file (restoring
functionality from commit 92a6d03)
- Added proper permissions: actions: read, contents: write,
security-events: write
- Removed redundant separate codeql.yml workflow
- Updated secret key name for NuGet publishing
## Test plan
- [ ] Verify workflow runs successfully on push
- [ ] Confirm CodeQL analysis executes and uploads SARIF results
- [ ] Test release artifact uploads work with contents:write permission
- [ ] Validate NuGet package publishing on tags
## High-level PR Summary
This PR consolidates the CodeQL security analysis workflow into the main
dotnet build workflow by removing the separate `codeql.yml` file and
merging its steps into `dotnet.yml`. It also adds necessary permissions
(`actions:read`, `contents:write`, `security-events:write`) at the job
level to support release uploads and security scanning, and fixes the
NuGet API key secret reference from `NUGET_KEY` to `NUGET_API_KEY`. The
language reference was also hardcoded from a matrix variable to `csharp`
since only a single language is being analyzed.
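
A combined workflow of the shape the commit message describes, as an added example that is not the repository's own `dotnet.yml`. The job name, triggers, .NET version, action versions, `out` directory, and the pack and upload commands are assumptions; only the three permission scopes, the `csharp` language value and the `NUGET_API_KEY` secret name come from the message.

```yaml
# Illustrative dotnet.yml; job, step and file names are assumptions.
name: dotnet
on:
  push:
    branches: [main]
    tags: ['v*']

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-level block: any scope not listed here is set to none for this job.
    permissions:
      actions: read           # CodeQL reads workflow run information
      contents: write         # attach assets to a release
      security-events: write  # upload SARIF results to code scanning
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'
      - uses: github/codeql-action/init@v3
        with:
          languages: csharp   # hardcoded; this job defines no matrix
      - run: dotnet build --configuration Release
      - uses: github/codeql-action/analyze@v3
      - name: Pack
        if: startsWith(github.ref, 'refs/tags/')
        run: dotnet pack --configuration Release --output out
      - name: Upload release assets   # assumes the release for this tag exists
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GH_TOKEN: ${{ github.token }}
        run: gh release upload "$GITHUB_REF_NAME" out/*.nupkg
      - name: Publish to NuGet
        if: startsWith(github.ref, 'refs/tags/')
        env:
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
        run: dotnet nuget push out/*.nupkg --api-key "$NUGET_API_KEY" --source https://api.nuget.org/v3/index.json
```

In a single-job layout every step, including the build of checked-out code, runs with a token that can write repository contents. Moving the tag-only steps into their own job would confine `contents: write` to them.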