Skip to content

CodeQL

CodeQL #76

Workflow file for this run

name: 'CodeQL'
on:
schedule:
- cron: '0 1 * * *'
workflow_dispatch:
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
branch: [ '22_2', '23_1', '23_2', '24_1', '24_2' ]
language: [ 'csharp', 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ matrix.branch }}
- name: Get head SHA
id: get-head-sha
run: echo "SHA=$(git rev-parse origin/${{ matrix.branch }})" >> "$GITHUB_OUTPUT"
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
ref: refs/heads/${{ matrix.branch }}
sha: ${{ steps.get-head-sha.outputs.SHA }}
fetch:
runs-on: devextreme-shr2
name: Fetch analysis
needs: [ analyze ]
steps:
- name: Get Latest Analysis info
run: |
RESPONSE=$(curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/${{ github.repository }}/code-scanning/alerts)
echo 'ALERTS<<EOF' >> $GITHUB_ENV
echo $RESPONSE >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
notify:
runs-on: devextreme-shr2
name: Send notifications
needs: [ analyze, fetch ]
steps:
- name: Get Date
id: get-date
shell: bash
run: echo "date=$(/bin/date -u "+%s")" >> $GITHUB_OUTPUT
- uses: actions/cache@v4
id: notify-cache
with:
path: notify.json
key: ${{ runner.os }}-${{ matrix.branch }}-${{ matrix.language }}-${{ steps.get-date.outputs.date }}
restore-keys: ${{ runner.os }}-${{ matrix.branch }}-${{ matrix.language }}
- name: Teams Notification
uses: DevExpress/github-actions/send-teams-notification@main
with:
hook_url: ${{ secrets.TEAMS_HOOK_TMP }}
alerts: ${{ env.ALERTS }}