Reusable Workflows for GitHub CodeQL

This repository contains reusable workflows for integrating GitHub CodqQL into your CI/CD pipeline.

These workflows is part of the Codebelt umbrella and ensures a consistent way of:

• Defining your CI/CD pipeline
• Structuring your repository
• Keeping your codebase small and feasible
• Writing clean and maintainable code
• Deploying your code to different environments
• Automating as much as possible

A paved path to excel as a DevSecOps Engineer.

Available Workflows

• default.yml - the default workflow that:
  • fetches the codebase,
  • installs the .NET SDK,
  • restores the dependencies,
  • runs the GitHub CodeQL analysis,
  • builds the solution,
  • finalizes the GitHub CodeQL analysis.

Usage

To call this workflow in your GitHub repository, you can follow these steps:

codeql-call:
    uses: codebeltnet/jobs-codeql/.github/workflows/default.yml@v1

Inputs

with:
  # Optional path to the project(s) file to build. Pass empty to have MSBuild use the default behavior. Supports globbing. Default is an empty string.
  projects:
  # When set to true, includes preview versions of .NET. Default is false.
  include-preview: false
  # The maximum time in minutes to allow the job to run. Default is 15 minutes.
  timeout-minutes: 15

Secrets

This workflow has no secrets.

Outputs

This workflow has no outputs.

Example

jobs:
  sonarcloud:
    name: call-codeql
    needs: [build,test]
    uses: codebeltnet/jobs-codeql/.github/workflows/default@v2
    with:
      include-preview: true

Contributing to Reusable Workflows for SonarQube Cloud

Contributions are welcome! Feel free to submit issues, feature requests, or pull requests to help improve these workflows.

License

This project is licensed under the MIT License - see the LICENSE file for details.