Skip to content

CodeQL Security Scan Schedule #1786

CodeQL Security Scan Schedule

CodeQL Security Scan Schedule #1786

# SPDX-License-Identifier: Apache-2.0
# Licensed to the Ed-Fi Alliance under one or more agreements.
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
# See the LICENSE and NOTICES files in the project root for more information.
name: CodeQL Security Scan Schedule
on:
schedule:
- cron: '0 0 * * *'
permissions: read-all
env:
INFORMATIONAL_VERSION: "7.3"
BUILD_INCREMENTER: "-1486"
CONFIGURATION: "Release"
HEAD_REF: ${{ GITHUB.HEAD_REF }}
REF_NAME: ${{ GITHUB.REF_NAME }}
REPOSITORY_DISPATCH_BRANCH: ${{ github.event.client_payload.branch }}
jobs:
FindStandardAndExtensionVersions:
uses: ./.github/workflows/Find Standard and Extension Versions.yml
with:
calling_branch: ${{ github.head_ref || github.ref_name }}
analyze:
if: ${{ always() }}
needs: FindStandardAndExtensionVersions
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
StandardVersion: ${{ fromJson(needs.FindStandardAndExtensionVersions.outputs.StandardVersions) }}
ExtensionVersion: ${{ fromJson(needs.FindStandardAndExtensionVersions.outputs.ExtensionVersions) }}
name: Analyze Code (Standard ${{ matrix.StandardVersion }} Extension ${{ matrix.ExtensionVersion }})
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
- name: Initialize CodeQL
uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # codeql-bundle-v2.15.2
with:
languages: 'csharp'
- name: Checkout Ed-Fi-ODS-Implementation
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
repository: Ed-Fi-Alliance-OSS/Ed-Fi-ODS-Implementation
path: Ed-Fi-ODS-Implementation/
- name: Is pull request branch exists in Ed-Fi-ODS-Implementation
working-directory: ./Ed-Fi-ODS-Implementation/
shell: pwsh
run: |
.\build.githubactions.ps1 CheckoutBranch -RelativeRepoPath "../Ed-Fi-ODS-Implementation"
- name: Checkout Ed-Fi-ODS
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
repository: Ed-Fi-Alliance-OSS/Ed-Fi-ODS
path: Ed-Fi-ODS/
- name: Is pull request branch exists in Ed-Fi-ODS
working-directory: ./Ed-Fi-ODS/
shell: pwsh
run: |
.\build.githubactions.ps1 CheckoutBranch -RelativeRepoPath "."
- name: CodeGen
working-directory: ./Ed-Fi-ODS-Implementation/
shell: pwsh
run: |
$ErrorActionPreference = 'Stop'
$PSVersionTable
. $env:GITHUB_WORKSPACE/Ed-Fi-ODS-Implementation/Initialize-PowershellForDevelopment.ps1
Invoke-CodeGen -Engine PostgreSQL -RepositoryRoot $env:GITHUB_WORKSPACE/ -StandardVersion ${{ matrix.StandardVersion }} -ExtensionVersion ${{ matrix.ExtensionVersion }}
- name: Cache Nuget packages
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj*', '**/configuration.packages.json') }}
restore-keys: |
${{ runner.os }}-nuget-
- name: Restore NuGet packages
working-directory: ./Ed-Fi-ODS/
run: |
.\build.githubactions.ps1 restore -Solution "$env:GITHUB_WORKSPACE/Ed-Fi-ODS-Implementation/Application/Ed-Fi-Ods.sln"
shell: pwsh
- name: build
shell: pwsh
working-directory: ./Ed-Fi-ODS/
run: |
.\build.githubactions.ps1 build -Configuration ${{ env.CONFIGURATION }} -InformationalVersion ${{ env.INFORMATIONAL_VERSION}} -BuildCounter ${{ github.run_number }} -BuildIncrementer ${{env.BUILD_INCREMENTER}} -Solution "$env:GITHUB_WORKSPACE/Ed-Fi-ODS-Implementation/Application/Ed-Fi-Ods.sln" -StandardVersion ${{ matrix.StandardVersion }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # codeql-bundle-v2.15.2