Skip to content

Verifiable CodeQL analysis #1220

Verifiable CodeQL analysis

Verifiable CodeQL analysis #1220

name: "Verifiable CodeQL analysis"
on:
workflow_dispatch:
push:
branches:
- main
- develop
# pull_request:
# branches:
# - main
# paths-ignore:
# - "**.md"
schedule:
# A daily build to check all is still functioning.
- cron: "0 0 * * *"
jobs:
analyze:
name: CodeQL Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: 'csharp'
build-mode: none
queries: security-and-quality
- uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25
with:
global-json-file: global.json
- name: Autobuild
if: ${{ github.actor != 'dependabot[bot]' }}
uses: github/codeql-action/autobuild@v3
- name: CodeQL Analysis
if: ${{ github.actor != 'dependabot[bot]' }}
uses: github/codeql-action/analyze@v3
timeout-minutes: 100