name: "CodeQL"

on:
  push:
    branches: [master]
    paths-ignore:
      - "**/README.md"
      - ".github/ISSUE_TEMPLATE/**"
      - "docs/**"
      - "images/**"
      - "manifest.json"
  pull_request:
    branches: [master]
    paths-ignore:
      - "**/README.md"
      - ".github/ISSUE_TEMPLATE/**"
      - "docs/**"
      - "images/**"
      - "manifest.json"

permissions: write-all

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # This job will only run if the repository is public
    if: ${{ github.event.repository.private == false }}

    strategy:
      fail-fast: false
      matrix:
        language: ["csharp"]

    steps:
      - uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x

      - name: Install dependencies
        run: |
          dotnet nuget add source --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name jellyfin-pre "https://nuget.pkg.github.com/jellyfin/index.json"
          dotnet tool install --global dotnet-outdated-tool
          dotnet outdated -pre Always -u -inc Jellyfin

      - name: Initialize CodeQL
        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
        with:
          languages: ${{ matrix.language }}
          queries: +security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13