updated workflow v4 #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For most projects, this workflow file will not need changing; you simply need | |
| # to commit it to your repository. | |
| # | |
| # You may wish to alter this file to override the set of languages analyzed, | |
| # or to provide custom queries or build logic. | |
| # | |
| # ******** NOTE ******** | |
| # We have attempted to detect the languages in your repository. Please check | |
| # the `language` matrix defined below to confirm you have the correct set of | |
| # supported CodeQL languages. | |
| # | |
| # You may need to adjust this file for your specific repository or build process. | |
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| # The branches below must be a subset of the branches above | |
| branches: [ "main" ] | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| # Runner size impacts CodeQL analysis time. To learn more, please see: | |
| # - https://gh.io/recommended-hardware-resources-for-running-codeql | |
| # - https://gh.io/supported-runners-and-hardware-resources | |
| # - https://gh.io/using-larger-runners | |
| # Consider using larger runners for possible analysis time improvements. | |
| runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | |
| timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'csharp', 'javascript-typescript' ] | |
| # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ] | |
| # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both | |
| # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both | |
| # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | |
| dot-version: ['3.1.x'] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Installing DotNet version | |
| - name: Setup dotnet ${{ matrix.dotnet-version }} | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: ${{ matrix.dot-version }} | |
| # Display dotnet version for confirmation | |
| - name: Display dotnet version | |
| run: dotnet --version | |
| # Initializes the CodeQL tools for scanning. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # You can customize the queries here or in a config file. | |
| # Manually build the C# project using dotnet build | |
| - name: Build the C# project | |
| if: matrix.language == 'csharp' | |
| run: | | |
| dotnet restore | |
| dotnet build --configuration Release | |
| # If autobuild fails, manually trigger the build here for other languages. | |
| # - run: | | |
| # echo "Run, Build Application using script" | |
| # ./location_of_script_within_repo/buildscript.sh | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| with: | |
| category: "/language:${{matrix.language}}" |