Skip to content

CodeQL

CodeQL #539

name: "CodeQL"
on:
push:
branches-ignore:
- 'dependabot/**'
pull_request:
schedule:
- cron: '0 8 * * 1'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
queries: security-and-quality
languages: csharp
- name: Setup .NET
uses: actions/setup-dotnet@v3
id: installdotnet
with:
dotnet-version: 8.0.x
- name: Create temporary global.json
run: echo '{"sdk":{"version":"${{ steps.installdotnet.outputs.dotnet-version }}"}}' > ./global.json
# build a temporary *.slnf file that only contains source projects and put it in ~/obj
# so that it is not tracked by git. then run 'dotnet build' using the *.slnf, which
# will preserve the dependency order and configuration of the *.sln
- name: Build Source
shell: pwsh
run: |
$start = (Get-Location).Path.Length + 1
$sln = Join-Path '..' 'asp.sln'
$projects = Get-ChildItem src -Include src -Recurse | `
ForEach-Object { Get-ChildItem $_.FullName -Filter *.csproj -Recurse } | `
ForEach-Object { $_.FullName.Substring($start) }
$json = ConvertTo-Json(New-Object PSObject -Property @{solution=@{path=$sln;projects=$projects}})
$obj = New-Item -Path 'obj' -ItemType Directory -Force
$slnf = New-Item -Path (Join-Path $obj 'codeql.slnf') -ItemType File -Value $json -Force
dotnet build $slnf.FullName --configuration Release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2