Code QL PR analysis

* Added new workflow for PR analysis using GitHub Code QL. * Renamed existing PR DevSkim analysis for uniformity. * Added push triggers for analysis workflows to have a baseline for PR analysis.
serilog-mssql · Dec 30, 2022 · 5a30ddc · 5a30ddc
1 parent cf6588e
commit 5a30ddc
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 4 deletions.
diff --git a/.github/workflows/pr-analysis-codeql.yml b/.github/workflows/pr-analysis-codeql.yml
@@ -0,0 +1,35 @@
+name: PR Analysis Code QL
+
+on:
+  push:
+    branches: [ dev, main ]
+  pull_request:
+    branches: [ dev, main ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build-and-analyze:
+    runs-on: windows-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: 'csharp'
+
+      - name: Run build
+        run: ./Build.ps1 -SkipTests
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:csharp"
diff --git a/.github/workflows/pr-codescan.yml → .github/workflows/pr-analysis-devskim.yml b/.github/workflows/pr-codescan.yml → .github/workflows/pr-analysis-devskim.yml
@@ -1,19 +1,22 @@
-name: PR Code Scan
+name: PR Analysis DevSkim
 
 on:
+  push:
+    branches: [ dev, main ]
   pull_request:
     branches: [ dev, main ]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
 jobs:
-  lint:
-    runs-on: ubuntu-20.04
+  analyze:
+    runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

diff --git a/serilog-sinks-mssqlserver.sln b/serilog-sinks-mssqlserver.sln
@@ -26,8 +26,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		CHANGES.md = CHANGES.md
 		Directory.Packages.props = Directory.Packages.props
 		.github\ISSUE_TEMPLATE.md = .github\ISSUE_TEMPLATE.md
-		.github\workflows\pr-codescan.yml = .github\workflows\pr-codescan.yml
 		.github\workflows\pr-validation.yml = .github\workflows\pr-validation.yml
+		.github\workflows\pr-analysis-codeql.yml = .github\workflows\pr-analysis-codeql.yml
+		.github\workflows\pr-analysis-devskim.yml = .github\workflows\pr-analysis-devskim.yml
 		README.md = README.md
 		.github\workflows\release.yml = .github\workflows\release.yml
 	EndProjectSection