Merge pull request #578 from pipeline-foundation/feature/codeql

Add continuous code security and quality analysis

Author: darrelmiller

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,47 @@
+name: CodeQL Analysis
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 8 * * *'
+
+jobs:
+  analyze:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        id: checkout_repo
+        uses: actions/checkout@v2
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v1
+        with:
+          dotnet-version: 5.0.x
+
+      - name: Initialize CodeQL
+        id: init_codeql
+        uses: github/codeql-action/init@v1
+        with:
+          queries: security-and-quality
+
+      - name: Build projects
+        id: build_projects
+        shell: pwsh
+        run: |
+          $projectsArray = @(
+            '.\src\Microsoft.OpenApi\Microsoft.OpenApi.csproj',
+            '.\src\Microsoft.OpenApi.Readers\Microsoft.OpenApi.Readers.csproj',
+            '.\src\Microsoft.OpenApi.Tool\Microsoft.OpenApi.Tool.csproj'
+          )
+
+          $projectsArray | ForEach-Object {
+            dotnet build $PSItem -c Release
+          }
+
+      - name: Perform CodeQL Analysis
+        id: analyze_codeql
+        uses: github/codeql-action/analyze@v1
+
+# Built with ❤ by [Pipeline Foundation](https://pipeline.foundation)