name: "Code scanning - action" on: push: branches: - "*/dev" - "*/contrib" - "release/*" pull_request: # The branches below must be a subset of the branches above branches: - "*/dev" - "*/contrib" - "release/*" schedule: - cron: "33 2 * * 1" permissions: contents: read env: dotnetVersion: 9.x dotnetIncludePreviewVersions: "preview" solution: umbraco.sln buildConfiguration: SkipTests DOTNET_NOLOGO: true DOTNET_GENERATE_ASPNET_CERTIFICATE: false DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true DOTNET_CLI_TELEMETRY_OPTOUT: true NODE_OPTIONS: --max_old_space_size=16384 jobs: CodeQL-Build: name: Analyze (${{ matrix.language }}) permissions: actions: read # for github/codeql-action/init to get workflow details contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/analyze to upload SARIF results runs-on: ubuntu-latest strategy: fail-fast: false matrix: include: - language: csharp build-mode: manual - language: javascript-typescript build-mode: none steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} config-file: ./.github/config/codeql-config.yml - if: matrix.build-mode == 'manual' name: Use .NET ${{ env.dotnetVersion }} uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.dotnetVersion }} dotnet-quality: ${{ env.dotnetIncludePreviewVersions }} - if: matrix.build-mode == 'manual' shell: bash run: | dotnet restore ${{ env.solution }} dotnet build ${{ env.solution }} --configuration ${{ env.buildConfiguration }} --no-restore -p:ContinuousIntegrationBuild=true - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}"