codeql-analysis.yml 
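# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"

on:
  push:
    branches:
      - dev
      # Quoted so the glob is always read as a plain string.
      - "rel-*"
    paths:
      - "abp/**/*.js"
      - "abp/**/*.cs"
      - "abp/**/*.cshtml"
      - "abp/**/*.csproj"
      - "abp/**/*.razor"
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - dev
    paths:
      - "abp/**/*.js"
      - "abp/**/*.cs"
      - "abp/**/*.cshtml"
      - "abp/**/*.csproj"
      - "abp/**/*.razor"
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review

# Workflow-wide default for the job token: read-only repository contents.
# The job below widens this only as far as CodeQL needs.
permissions:
  contents: read

jobs:
  analyze:
    # Skip draft pull requests. On push events there is no pull_request
    # payload, so the expression evaluates to true and the job runs.
    if: ${{ !github.event.pull_request.draft }}
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload code-scanning results
    name: Analyze
    runs-on: ubuntu-latest

    strategy:
      # Let each language finish its scan even if the other one fails.
      fail-fast: false
      matrix:
        # Override automatic language detection by changing the below list
        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ["csharp", "javascript"]
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. For supply-chain hardening, pin each `uses:` to a full commit SHA
      # (for example `actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER>  # v4`) and
      # let a dependency-update bot move the pin.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Autobuild runs the repository's own build logic, so do not leave
          # the job token in the local git config for later steps to read.
          persist-credentials: false

      # No `git checkout HEAD^2` step: for pull_request events the checkout
      # action checks out the merge commit, which is what code scanning
      # should analyze, so the default fetch depth is sufficient.

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
          # queries: ./path/to/local/query, your-org/your-repo/queries@main

      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl

      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
      #    and modify them (or add more) to build your code if your project
      #    uses a compiled language

      # - run: |
      #    make bootstrap
      #    make release

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3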
