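---
# CodeQL static analysis of the C# solution. Runs on pushes to master, on
# pull requests targeting master, and on manual dispatch.
name: "Code Analysis"

# `on` reads as a YAML 1.1 boolean for generic parsers; GitHub's own loader
# handles it, so suppress yamllint `truthy` here rather than quoting the key.
on:
  push:  # The master branch must be analyzed on a new commit
    branches:
      - master
    tags-ignore:  # tag pushes never start an analysis
      - '*'
  pull_request:
    # Any PR on master must be analyzed
    branches:
      - master
  workflow_dispatch:  # CodeQL can be triggered manually

jobs:
  analyzeQL:
    name: Analyze with CodeQL
    environment: Dev
    runs-on: [windows-latest]
    # runs-on: [self-hosted]
    # A job-level `permissions` block sets every scope not listed here to
    # `none`, so the GITHUB_TOKEN is least-privilege for this job.
    permissions:
      # required for actions/checkout to clone the repository once a
      # permissions block is declared (without it the scope defaults to none)
      contents: read
      # required for the CodeQL action to read workflow-run metadata on
      # private repositories
      actions: read
      # required for all workflows: uploads the SARIF results to code scanning
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
    strategy:
      fail-fast: false
      matrix:
        language:
          - 'csharp'
    steps:
      # Actions below are referenced by tag; pinning each `uses:` to a full
      # commit SHA would make the supply chain reproducible.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
          # GITHUB_TOKEN is already the default checkout token; listing it
          # makes explicit that no personal access token is involved.
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Init & update submodules
        run: git submodule update --init --recursive

      # init must run before the build so the CodeQL tracer observes the
      # C# compilation.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Setup .NET Core SDK
        uses: actions/setup-dotnet@v4.0.0
        with:
          # NOTE(review): DOTNET_VERSION is not defined by any `env:` block in
          # this file; unless it is set elsewhere, setup-dotnet receives an
          # empty value here — confirm where it is defined.
          dotnet-version: ${{env.DOTNET_VERSION}}

      - name: Restore Solution
        run: dotnet restore ./FASTER.sln

      - name: Build Solution
        run: dotnet build ./FASTER.sln --configuration Debug

      - name: Execute unit tests
        run: dotnet test

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  ## SONAR is now auto-analysing the project and the PRs
  # AnalysisSonar:
  #   name: Analyze with SonarCloud
  #   runs-on: windows-latest
  #   permissions:
  #     pull-requests: write  # allows SonarCloud to decorate PRs with analysis results
  #   # steps:  # DOES NOT SCAN FOR SOME REASON ?
  #   #   - name: Analyze with SonarCloud
  #   #     # You can pin the exact commit or the version.
  #   #     uses: SonarSource/sonarcloud-github-action@v3
  #   #     env:
  #   #       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  #   #     with:
  #   #       # Additional arguments for the SonarScanner CLI
  #   #       args:
  #   #         -Dsonar.projectKey=Foxlider_FASTER
  #   #         -Dsonar.organization=foxlicorp
  #   #       projectBaseDir: .
  #   steps:
  #     - name: Set up JDK 17
  #       uses: actions/setup-java@v4
  #       with:
  #         java-version: 17
  #         distribution: 'zulu'  # Alternative distribution options are available.
  #     - uses: actions/checkout@v4
  #       with:
  #         submodules: true
  #         fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
  #     - name: Setup .NET Core SDK
  #       uses: actions/setup-dotnet@v4.0.0
  #       with:
  #         dotnet-version: ${{env.DOTNET_VERSION}}
  #     - name: Cache SonarCloud packages
  #       uses: actions/cache@v4
  #       with:
  #         path: ~\sonar\cache
  #         key: ${{ runner.os }}-sonar
  #         restore-keys: ${{ runner.os }}-sonar
  #     - name: Cache SonarCloud scanner
  #       id: cache-sonar-scanner
  #       uses: actions/cache@v4
  #       with:
  #         path: .\.sonar\scanner
  #         key: ${{ runner.os }}-sonar-scanner
  #         restore-keys: ${{ runner.os }}-sonar-scanner
  #     - name: Install SonarCloud scanner
  #       if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
  #       shell: pwsh
  #       run: |
  #         New-Item -Path .\.sonar\scanner -ItemType Directory
  #         dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
  #     - name: Build and analyze
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.PR_DECORATION }}  # Needed to get PR information, if any
  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  #       shell: pwsh
  #       run: |
  #         .\.sonar\scanner\dotnet-sonarscanner begin /k:"Foxlider_FASTER" /o:"foxlicorp" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
  #         dotnet build
  #         .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"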