2.11.5c: add scan-with-codeql action #1
# Name of the GitHub Actions workflow | ||
name: CodeQL Analysis for PHP | ||
# Define when the workflow should be triggered | ||
on: | ||
push: | ||
branches: | ||
- development # Trigger when code is pushed to the 'development' branch | ||
# Define the jobs to be executed within the workflow | ||
jobs: | ||
build: | ||
name: Build | ||
runs-on: ubuntu-latest # Use the latest version of Ubuntu | ||
steps: Scan PHP code with CodeQL | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
# Action to check out the code from the repository | ||
# This step fetches the codebase from the GitHub repository | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
# Action to initialize the CodeQL environment | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
with: | ||
# Specify a category to distinguish between multiple analyses | ||
# for the same tool and ref. If you don't use `category` in your workflow, | ||
# GitHub will generate a default category name for you | ||
category: "Scan-PHP-code-with-CodeQL" | ||
- name: Add Metadata to SARIF | ||
run: | | ||
# Create a JSON object with metadata | ||
metadata='{ "name": "CodeQL", "Language": "PHP" }' | ||
# Merge the metadata with the existing SARIF file | ||
jq --argjson metadata "$metadata" '. + { "tool": $metadata }' < codeql-results.sarif > codeql-results-with-metadata.sarif | ||
# Replace the original SARIF file with the one containing metadata | ||
mv codeql-results-with-metadata.sarif codeql-results.sarif | ||
- name: Upload CodeQL Analysis | ||
uses: github/codeql-action/upload-sarif@v2 | ||
with: | ||
sarif_file: codeql-results.sarif | ||
# Action to upload the results of the CodeQL analysis in SARIF format | ||
# This allows for viewing and analyzing the results in the "Security" tab of your repository. | ||
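Review bot: `steps: Scan PHP code with CodeQL` gives the `steps` key a scalar value and then follows it with a block sequence of steps at the same indentation, which is not valid YAML, so the runner will reject the workflow before any job starts; that line should be just `steps:` with the description moved into the job's `name`. The job declares no `permissions:` block, and uploading SARIF to code scanning requires `security-events: write` on `GITHUB_TOKEN`, which repositories with the restricted default token will not grant, so both the analyze step and the upload-sarif step would fail at upload time. The jq step reads `codeql-results.sarif` from the workspace, but the analyze action writes its SARIF into its `output` directory (default `../results`, one file per language) rather than a file of that name, and analyze already uploads its results, so the separate upload-sarif step is at best a duplicate upload of a file that does not exist. PHP is not among the languages CodeQL supports, so `init@v2` with no `languages:` input has nothing it can build a database for; if the goal is a PHP scanner this workflow needs a different tool, and whichever actions remain should be pinned to a full commit SHA rather than a moving major tag so the scanning workflow's own supply chain is auditable.
```yaml
jobs:
  build:
    name: Scan PHP code with CodeQL
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      # … unchanged: checkout / init / analyze steps …
```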