From 5a30ddc288a913340717e19abbd9aa3e1444a20f Mon Sep 17 00:00:00 2001
From: Christian Kadluba <10721825+ckadluba@users.noreply.github.com>
Date: Mon, 19 Dec 2022 11:37:08 +0100
Subject: [PATCH] Code QL PR analysis

* Added new workflow for PR analysis using GitHub Code QL.
* Renamed existing PR DevSkim analysis for uniformity.
* Added push triggers for analysis workflows to have a baseline for PR analysis.
---
 .github/workflows/pr-analysis-codeql.yml | 35 +++++++++++++++++++
 ...r-codescan.yml => pr-analysis-devskim.yml} | 9 +++--
 serilog-sinks-mssqlserver.sln | 3 +-
 3 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/pr-analysis-codeql.yml
 rename .github/workflows/{pr-codescan.yml => pr-analysis-devskim.yml} (84%)

diff --git a/.github/workflows/pr-analysis-codeql.yml b/.github/workflows/pr-analysis-codeql.yml
new file mode 100644
index 00000000..547e4579
--- /dev/null
+++ b/.github/workflows/pr-analysis-codeql.yml
@@ -0,0 +1,35 @@
+name: PR Analysis Code QL
+
+on:
+ push:
+ branches: [ dev, main ]
+ pull_request:
+ branches: [ dev, main ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+jobs:
+ build-and-analyze:
+ runs-on: windows-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: 'csharp'
+
+ - name: Run build
+ run: ./Build.ps1 -SkipTests
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:csharp"
diff --git a/.github/workflows/pr-codescan.yml b/.github/workflows/pr-analysis-devskim.yml
similarity index 84%
rename from .github/workflows/pr-codescan.yml
rename to .github/workflows/pr-analysis-devskim.yml
index 03d42de7..ec81dfbf 100644
--- a/.github/workflows/pr-codescan.yml
+++ b/.github/workflows/pr-analysis-devskim.yml
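Review bot: In `.github/workflows/pr-analysis-codeql.yml` all three `uses:` steps reference mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`), so whatever those tags resolve to at run time executes in a job that holds `security-events: write`. Pinning each to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, makes the third-party code reviewable and unaffected by a moved tag. The `Run build` step executes `./Build.ps1` from the checked-out ref, which on `pull_request` includes code from the pull request, so I would also add `with:` / `persist-credentials: false` to the checkout step so the job token is not left in the local git config while that script runs. The `actions/checkout@v3` context line in `pr-analysis-devskim.yml` has the same tag reference.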
@@ -1,6 +1,8 @@
-name: PR Code Scan
+name: PR Analysis DevSkim

 on:
+ push:
+ branches: [ dev, main ]
 pull_request:
 branches: [ dev, main ]

@@ -8,12 +10,13 @@ on:
 workflow_dispatch:

 jobs:
- lint:
- runs-on: ubuntu-20.04
+ analyze:
+ runs-on: ubuntu-latest
 permissions:
 actions: read
 contents: read
 security-events: write
+
 steps:
 - name: Checkout code
 uses: actions/checkout@v3
diff --git a/serilog-sinks-mssqlserver.sln b/serilog-sinks-mssqlserver.sln
index 78a64821..6433d271 100644
--- a/serilog-sinks-mssqlserver.sln
+++ b/serilog-sinks-mssqlserver.sln
@@ -26,8 +26,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 CHANGES.md = CHANGES.md
 Directory.Packages.props = Directory.Packages.props
 .github\ISSUE_TEMPLATE.md = .github\ISSUE_TEMPLATE.md
- .github\workflows\pr-codescan.yml = .github\workflows\pr-codescan.yml
 .github\workflows\pr-validation.yml = .github\workflows\pr-validation.yml
+ .github\workflows\pr-analysis-codeql.yml = .github\workflows\pr-analysis-codeql.yml
+ .github\workflows\pr-analysis-devskim.yml = .github\workflows\pr-analysis-devskim.yml
 README.md = README.md
 .github\workflows\release.yml = .github\workflows\release.yml
 EndProjectSection