From d27135ce5fe54f4f942df1f44270bbc8ada7c4e6 Mon Sep 17 00:00:00 2001
From: AleksIvanovSinglet
Date: Tue, 25 May 2021 18:02:49 +0300
Subject: [PATCH 1/4] add CQL pipeline
---
.github/workflows/codeql-analysis.yml | 42 +++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000..49008b540
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,42 @@
+name: CodeQL Analysis
+
+on:
+ push:
+ paths:
+ - 'src/csharp/**'
+ pull_request:
+ paths:
+ - 'src/csharp/**'
+ schedule:
+ - cron: '0 8 * * *'
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: CodeQL Analysis
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ id: checkout_repo
+ uses: actions/checkout@v2
+
+ - name: Initialize CodeQL
+ id: init_codeql
+ uses: github/codeql-action/init@v1
+ with:
+ queries: security-and-quality
+
+ - name: Build projects
+ id: build_projects
+ shell: pwsh
+ run: |
+ Get-ChildItem -Filter *.csproj -Exclude *test* -Recurse -File | ForEach-Object {
+ dotnet build $PSItem.FullName `
+ --configuration Release
+ }
+
+ - name: Perform CodeQL Analysis
+ id: analyze_codeql
+ uses: github/codeql-action/analyze@v1
+
+# Built with ❤ by [Pipeline Foundation](https://pipeline.foundation)
From dc75c44ddfd58da53e798b425e9715f5d19c2625 Mon Sep 17 00:00:00 2001
From: AleksIvanovSinglet
Date: Tue, 25 May 2021 18:08:49 +0300
Subject: [PATCH 2/4] add path to build loop
---
.github/workflows/codeql-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 49008b540..90ac03ce6 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
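Review bot: The `analyze` job created in the 1/4 hunk declares no `permissions:` block and references all three actions by mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/analyze@v1`). Without an explicit block the job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, which may be broader than a scanning job needs. Uploading results needs `security-events: write`; read access to contents, plus `actions: read` on private repositories, should cover the rest. Pinning each `uses:` to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha> # v2`, keeps a moved tag from changing what runs with that token.

```yaml
jobs:
  analyze:
    # … unchanged: name, runs-on …
    permissions:
      actions: read
      contents: read
      security-events: write
    # … unchanged: steps …
```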
@@ -30,7 +30,7 @@ jobs: id: build_projects shell: pwsh run: | - Get-ChildItem -Filter *.csproj -Exclude *test* -Recurse -File | ForEach-Object { + Get-ChildItem -Path src/csharp/ -Filter *.csproj -Exclude *test* -Recurse -File | ForEach-Object { dotnet build $PSItem.FullName ` --configuration Release } From f6d88f962380c710ecda18f8996ee3f92290ed1b Mon Sep 17 00:00:00 2001 From: AleksIvanovSinglet Date: Tue, 25 May 2021 18:13:07 +0300 Subject: [PATCH 3/4] format the code and test basic queries --- .github/workflows/codeql-analysis.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 90ac03ce6..7aaa82898 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -3,10 +3,10 @@ name: CodeQL Analysis on: push: paths: - - 'src/csharp/**' + - 'src/csharp/**' pull_request: paths: - - 'src/csharp/**' + - 'src/csharp/**' schedule: - cron: '0 8 * * *' workflow_dispatch: @@ -23,17 +23,17 @@ jobs: - name: Initialize CodeQL id: init_codeql uses: github/codeql-action/init@v1 - with: - queries: security-and-quality + # with: + # queries: security-and-quality - name: Build projects id: build_projects shell: pwsh run: | - Get-ChildItem -Path src/csharp/ -Filter *.csproj -Exclude *test* -Recurse -File | ForEach-Object { - dotnet build $PSItem.FullName ` - --configuration Release - } + Get-ChildItem -Path src/csharp/ -Filter *.csproj -Exclude *test* -Recurse -File | ForEach-Object { + dotnet build $PSItem.FullName ` + --configuration Release + } - name: Perform CodeQL Analysis id: analyze_codeql From 7f0e7a0f2ba92da3eae6f66a7aaa99b718af57cb Mon Sep 17 00:00:00 2001 From: AleksIvanovSinglet Date: Tue, 25 May 2021 19:05:15 +0300 Subject: [PATCH 4/4] add saq queries --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
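Review bot: A failing `dotnet build` inside the `ForEach-Object` loop does not fail the step unless it happens to be the last project built, so CodeQL can end up analysing a partial build while the run stays green. As far as I know, the built-in `pwsh` shell checks `$LASTEXITCODE` only once, after the whole script, and a native command's non-zero exit does not stop the script by default. I would add `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` directly after the `--configuration Release` line, inside the braces. The same loop appears in the 1/4 hunk that creates the file and in the re-indented 3/4 hunk; the `Build projects` step header is above this hunk.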
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7aaa82898..c9f1bd3b4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,8 +23,8 @@ jobs: - name: Initialize CodeQL id: init_codeql uses: github/codeql-action/init@v1 - # with: - # queries: security-and-quality + with: + queries: security-and-quality - name: Build projects id: build_projects
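Review bot: The restored `with:` block sets `queries` but still no `languages`, so `init` falls back to auto-detecting the CodeQL-supported languages present in the repository. The triggers and the build step are scoped to `src/csharp/`, which suggests other source trees may exist (not visible here). If they do, another compiled language could be initialised without a matching build and may fail or yield empty results, and the scan's coverage is implied rather than stated. Adding `languages: csharp` next to `queries: security-and-quality` makes the intended scope explicit.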