intro-skipper/.github/workflows/codeql.yml

name: "CodeQL"

on:
  push:
    branches:
      - '*'  # Triggers on any branch push
    paths-ignore:
      - "**/README.md"
      - ".github/ISSUE_TEMPLATE/**"
      - "docs/**"
      - "images/**"
      - "manifest.json"

permissions: write-all

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # This job will only run if the repository is public
    if: ${{ github.event.repository.private == false }}

    strategy:
      fail-fast: false
      matrix:
        language: ["csharp"]

    steps:
      - uses: actions/checkout@v4

      - name: Check for BETA file
        id: check-beta
        run: |
          if [ -f "BETA" ]; then
            echo "IS_BETA=true" >> $GITHUB_ENV
          else
            echo "IS_BETA=false" >> $GITHUB_ENV
          fi

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x

      - name: Restore Beta dependencies
        if: ${{env.IS_BETA == 'true' }}
        run: |
          dotnet nuget add source --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name jellyfin-pre "https://nuget.pkg.github.com/jellyfin/index.json"
          dotnet tool install --global dotnet-outdated-tool
          dotnet outdated -pre Always -u -inc Jellyfin

      - name: Restore dependencies
        if: ${{env.IS_BETA == 'false' }}
        run: dotnet restore

      - name: Initialize CodeQL
        uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
        with:
          languages: ${{ matrix.language }}
          queries: +security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
Add a replacement CodeQL action 2024-04-10 09:26:54 -04:00			`name: "CodeQL"`

			`on:`
			`push:`
ci: make github actions reusable 2024-10-18 12:39:56 +02:00			`branches:`
ci: don't build on PRs (#370) 2024-11-05 13:11:27 +00:00			`- '*' # Triggers on any branch push`
Ignores have to be applied by event 2024-04-19 21:41:03 -04:00			`paths-ignore:`
ci: format github yml files 2024-10-06 19:03:15 +02:00			`- "**/README.md"`
			`- ".github/ISSUE_TEMPLATE/**"`
			`- "docs/**"`
			`- "images/**"`
			`- "manifest.json"`
Add a replacement CodeQL action 2024-04-10 09:26:54 -04:00
Grant GitHub access to ...GitHub Why shouldn't the least secure process be the one to verify the security? 2024-04-10 23:13:45 -04:00			`permissions: write-all`
Grant repo permission to CodeQL 2024-04-10 09:43:55 -04:00
Add a replacement CodeQL action 2024-04-10 09:26:54 -04:00			`jobs:`
			`analyze:`
			`name: Analyze`
			`runs-on: ubuntu-latest`

ci: run codeql only in public repos 2024-09-28 00:59:05 +02:00			`# This job will only run if the repository is public`
			`if: ${{ github.event.repository.private == false }}`

Add a replacement CodeQL action 2024-04-10 09:26:54 -04:00			`strategy:`
			`fail-fast: false`
			`matrix:`
ci: format github yml files 2024-10-06 19:03:15 +02:00			`language: ["csharp"]`
Add a replacement CodeQL action 2024-04-10 09:26:54 -04:00
			`steps:`
ci: format github yml files 2024-10-06 19:03:15 +02:00			`- uses: actions/checkout@v4`

ci: make github actions reusable 2024-10-18 12:39:56 +02:00			`- name: Check for BETA file`
			`id: check-beta`
			`run: \|`
			`if [ -f "BETA" ]; then`
			`echo "IS_BETA=true" >> $GITHUB_ENV`
			`else`
			`echo "IS_BETA=false" >> $GITHUB_ENV`
			`fi`

ci: format github yml files 2024-10-06 19:03:15 +02:00			`- name: Setup .NET`
			`uses: actions/setup-dotnet@v4`
			`with:`
			`dotnet-version: 8.0.x`

ci: make github actions reusable 2024-10-18 12:39:56 +02:00			`- name: Restore Beta dependencies`
			`if: ${{env.IS_BETA == 'true' }}`
ci: format github yml files 2024-10-06 19:03:15 +02:00			`run: \|`
			`dotnet nuget add source --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name jellyfin-pre "https://nuget.pkg.github.com/jellyfin/index.json"`
			`dotnet tool install --global dotnet-outdated-tool`
			`dotnet outdated -pre Always -u -inc Jellyfin`

ci: make github actions reusable 2024-10-18 12:39:56 +02:00			`- name: Restore dependencies`
			`if: ${{env.IS_BETA == 'false' }}`
			`run: dotnet restore`

ci: format github yml files 2024-10-06 19:03:15 +02:00			`- name: Initialize CodeQL`
ci(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#399) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-11-25 18:04:58 +01:00			`uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5`
ci: format github yml files 2024-10-06 19:03:15 +02:00			`with:`
			`languages: ${{ matrix.language }}`
			`queries: +security-extended`

			`- name: Autobuild`
ci(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#399) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-11-25 18:04:58 +01:00			`uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5`
ci: format github yml files 2024-10-06 19:03:15 +02:00
			`- name: Perform CodeQL Analysis`
ci(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#399) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-11-25 18:04:58 +01:00			`uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5`