Analyze with CodeQL
Initializes CodeQL for SAST analysis of your code. Leverages the official CodeQL: Init action, pre-configured for the majority of cases.
This action is part of the Codebelt umbrella and ensures a consistent way of:
- Defining your CI/CD pipeline
- Structuring your repository
- Keeping your codebase small and feasible
- Writing clean and maintainable code
- Deploying your code to different environments
- Automating as much as possible
A paved path to excel as a DevSecOps Engineer.
To use this action in your GitHub repository, add the following to a step in your workflow:

```yaml
uses: codebeltnet/codeql-scan@v1
with:
  # A comma-separated list of CodeQL languages to analyze.
  languages: 'csharp'
```
This action has no outputs.
```yaml
steps:
  - name: Prepare CodeQL SAST Analysis
    uses: codebeltnet/codeql-scan@v1
```
```yaml
name: Generic CI/CD Pipeline (.NET Library)
on:
  push:
    branches: [main]
    paths-ignore:
      - .codecov
      - .docfx
      - .github
      - .nuget
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      configuration:
        type: choice
        description: The build configuration to use in the deploy stage.
        required: true
        default: Release
        options:
          - Debug
          - Release

jobs:
  build:
    name: 🛠️ Build
    runs-on: ubuntu-22.04
    outputs:
      version: ${{ steps.minver-calculate.outputs.version }}
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1
      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1
      - name: Install MinVer
        uses: codebeltnet/dotnet-tool-install-minver@v1
      - id: minver-calculate
        name: Calculate Version
        uses: codebeltnet/minver-calculate@v1
      - name: Download strongname.snk file
        uses: codebeltnet/gcp-download-file@v1
        with:
          serviceAccountKey: ${{ secrets.GCP_TOKEN }}
          bucketName: ${{ secrets.GCP_BUCKETNAME }}
          objectName: strongname.snk
      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1
      - name: Build for Preview
        uses: codebeltnet/dotnet-build@v1
        with:
          configuration: Debug
      - name: Build for Production
        uses: codebeltnet/dotnet-build@v1
        with:
          configuration: Release

  pack:
    name: 📦 Pack
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        configuration: [Debug, Release]
    needs: [build]
    steps:
      - name: Pack for ${{ matrix.configuration }}
        uses: codebeltnet/dotnet-pack@v1
        with:
          configuration: ${{ matrix.configuration }}
          uploadPackedArtifact: true
          version: ${{ needs.build.outputs.version }}

  test:
    name: 🧪 Test
    needs: [build]
    strategy:
      matrix:
        os: [ubuntu-22.04, windows-2022]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1
      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1
      - name: Install .NET Tool - Report Generator
        uses: codebeltnet/dotnet-tool-install-reportgenerator@v1
      - name: Test with Debug build
        uses: codebeltnet/dotnet-test@v1
        with:
          configuration: Debug
          buildSwitches: -p:SkipSignAssembly=true
      - name: Test with Release build
        uses: codebeltnet/dotnet-test@v1
        with:
          configuration: Release
          buildSwitches: -p:SkipSignAssembly=true

  sonarcloud:
    name: 🔬 Code Quality Analysis
    needs: [build, test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1
      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1
      - name: Install .NET Tool - Sonar Scanner
        uses: codebeltnet/dotnet-tool-install-sonarscanner@v1
      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1
      - name: Run SonarCloud Analysis
        uses: codebeltnet/sonarcloud-scan@v1
        with:
          token: ${{ secrets.SONAR_TOKEN }}
          organization: your-sonarcloud-organization
          projectKey: your-sonarcloud-project-key
          version: ${{ needs.build.outputs.version }}
      - name: Build
        uses: codebeltnet/dotnet-build@v1
        with:
          buildSwitches: -p:SkipSignAssembly=true
          uploadBuildArtifact: false
      - name: Finalize SonarCloud Analysis
        uses: codebeltnet/sonarcloud-scan-finalize@v1
        with:
          token: ${{ secrets.SONAR_TOKEN }}

  codecov:
    name: Code Coverage Analysis
    needs: [build, test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1
      - name: Run CodeCov Analysis
        uses: codebeltnet/codecov-scan@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          repository: your-github-repository

  codeql:
    name: 🛡️ Security Analysis
    needs: [build, test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1
      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1
      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1
      - name: Prepare CodeQL SAST Analysis
        uses: codebeltnet/codeql-scan@v1
      - name: Build
        uses: codebeltnet/dotnet-build@v1
        with:
          buildSwitches: -p:SkipSignAssembly=true
          uploadBuildArtifact: false
      - name: Finalize CodeQL SAST Analysis
        uses: codebeltnet/codeql-scan-finalize@v1

  deploy:
    name: Deploy v${{ needs.build.outputs.version }}
    runs-on: ubuntu-22.04
    needs: [build, pack, test, sonarcloud, codecov, codeql]
    environment: Production
    steps:
      - uses: codebeltnet/nuget-push@v1
        with:
          token: ${{ secrets.NUGET_TOKEN }}
          configuration: ${{ inputs.configuration == '' && 'Release' || inputs.configuration }}
```
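A minimal standalone CodeQL workflow for a C# library, added here as an example and not taken from the action's own README: it sets the `languages` input explicitly, grants the job token only the `security-events: write` permission that uploading CodeQL results to code scanning requires, and keeps the build between the prepare and finalize steps, because for compiled languages such as C# CodeQL records the compiler invocations that happen after initialization to construct its database. The workflow name and trigger branches are assumptions.

```yaml
name: CodeQL SAST (C# library)

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  codeql:
    name: Security Analysis
    runs-on: ubuntu-22.04
    # Least privilege for GITHUB_TOKEN: uploading CodeQL SARIF results needs
    # security-events: write; nothing in this job needs write access to contents.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1
      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1
      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1
      # Wraps the official CodeQL init action. It must run BEFORE the build:
      # the compile that follows is what CodeQL traces for a compiled language.
      - name: Prepare CodeQL SAST Analysis
        uses: codebeltnet/codeql-scan@v1
        with:
          languages: 'csharp'
      # The traced build. SkipSignAssembly keeps this analysis-only build from
      # needing the strong-name key used by the release pipeline.
      - name: Build
        uses: codebeltnet/dotnet-build@v1
        with:
          buildSwitches: -p:SkipSignAssembly=true
          uploadBuildArtifact: false
      # Runs the queries over the database and uploads the findings.
      - name: Finalize CodeQL SAST Analysis
        uses: codebeltnet/codeql-scan-finalize@v1
```

If the analysis job is placed in a workflow that has other jobs, keep the `permissions` block at job level so the wider token scope is not granted to steps that do not need it.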
Contributions are welcome! Feel free to submit issues, feature requests, or pull requests to help improve this action.
This project is licensed under the MIT License - see the LICENSE file for details.