Skip to content

CodeQL

CodeQL #965

Workflow file for this run

name: 'CodeQL'
on:
workflow_dispatch:
jobs:
analyze-javascript:
name: Analyze JavaScript
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- uses: pnpm/action-setup@v3
with:
version: 9
run_install: false
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- uses: actions/cache@v4
name: Setup pnpm cache
with:
path: |
${{ env.STORE_PATH }}
.nx/cache
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store
- name: Install dependencies
run: |
corepack enable
pnpm install
# - name: Build npm packages
# run: pnpm run all:build
- name: Get head SHA
id: get-head-sha
run: echo "SHA=$(git rev-parse origin/${{ github.ref_name }})" >> "$GITHUB_OUTPUT"
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: javascript
config-file: ./.github/codeql/codeql-config.yml
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:javascript"
ref: refs/heads/${{ github.ref_name }}
sha: ${{ steps.get-head-sha.outputs.SHA }}
analyze-csharp:
name: Analyze C#
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Get head SHA
id: get-head-sha
run: echo "SHA=$(git rev-parse origin/${{ github.ref_name }})" >> "$GITHUB_OUTPUT"
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: csharp
config-file: ./.github/codeql/codeql-config.yml
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:csharp"
ref: refs/heads/${{ github.ref_name }}
sha: ${{ steps.get-head-sha.outputs.SHA }}
fetch:
runs-on: devextreme-shr2
name: Fetch analysis
needs: [ analyze-javascript, analyze-csharp ]
steps:
- name: Get Latest Analysis info
run: |
RESPONSE=$(curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/${{ github.repository }}/code-scanning/alerts)
echo 'ALERTS<<EOF' >> $GITHUB_ENV
echo $RESPONSE >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
notify:
runs-on: devextreme-shr2
name: Send notifications
needs: [ fetch ]
steps:
- name: Get Date
id: get-date
shell: bash
run: echo "date=$(/bin/date -u "+%s")" >> $GITHUB_OUTPUT
- uses: actions/cache@v4
id: notify-cache
with:
path: notify.json
key: ${{ runner.os }}-${{ steps.get-date.outputs.date }}
restore-keys: ${{ runner.os }}
- name: Teams Notification
uses: DevExpress/github-actions/send-teams-notification@v1
with:
hook_url: ${{ secrets.TEAMS_HOOK_TMP }}
alerts: ${{ env.ALERTS }}