Skip to content

build(deps): bump github/codeql-action in the prod-github-actions gro… #179

build(deps): bump github/codeql-action in the prod-github-actions gro…

build(deps): bump github/codeql-action in the prod-github-actions gro… #179

name: "Security and Code-Quality scan with CodeQL - Package"
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '39 6 * * 1'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
analyze:
name: CodeQL Scan (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
#runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
#runs-on: [ self-hosted, macos ]
runs-on: ['macos-14']
#timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
timeout-minutes: 120
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
# https://github.com/swiftlang/swift/releases
swift: ["5.10.1"]
# https://developer.apple.com/documentation/xcode-release-notes
xcode: ["15.4"]
language: [swift]
build-mode: [manual]
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
# This step initializes the in the matrix specified version of Xcode.
- name: Initialize latest xcode
uses: maxim-lobanov/[email protected]
with:
xcode-version: ${{ matrix.xcode }}
# This step removes all other versions of Xcode from the machine.
- name: Remove old xcode versions
run: |
echo "Searching for Xcode versions:"
find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1
echo "Removing old Xcode versions..."
find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1 | grep -v ${{ matrix.xcode }} | xargs rm -rf
echo "Available Xcode versions after removal:"
find /Applications -name "Xcode_*" -maxdepth 1 -mindepth 1
# Initialize Swift in the matrix specified version.
- name: Initialize Swift
uses: swift-actions/[email protected]
with:
swift-version: ${{ matrix.swift }}
# Get the Swift version.
- name: Get swift version
run: swift --version
# Checkout the repository.
- name: Checkout repository
uses: actions/[email protected]
# Initialize CodeQL.
- name: Initialize CodeQL
uses: github/codeql-action/[email protected]
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
queries: security-and-quality
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
#- name: Autobuild
# uses: github/codeql-action/[email protected]
# Check disk space.
- name: Check Disk Space
run: |
sleep 10
df -h
# Manual build with the release configuration.
- name: Manual build
run: swift build --build-tests --configuration debug -v
# Perform CodeQL analysis after the build has completed successfully or failed.
- name: Perform CodeQL Analysis
uses: github/codeql-action/[email protected]
if: success() || failure()
with:
category: "/language:${{matrix.language}}"