mirror of
https://github.com/GeWuYou/GFramework.git
synced 2026-05-07 00:39:00 +08:00
0cd1e9e83a
- 配置CI构建和测试工作流,支持多.NET版本和并发测试 - 添加CodeQL静态代码分析工作流 - 实现自动版本递增和标签创建工作流 - 定义CQRS命令接口规范,包括响应式和流式命令 - 为架构测试添加空值参数异常文档注释
54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
# GitHub Actions工作流配置:CodeQL静态代码分析
|
||
# 该工作流用于对C#项目进行安全漏洞和代码质量分析
|
||
name: "CodeQL"
|
||
|
||
# 触发事件配置
|
||
# 在以下情况下触发工作流:
|
||
# 1. 推送到任意分支时
|
||
# 2. 针对任意分支的拉取请求时
|
||
# 3. 每天凌晨2点执行一次
|
||
on:
|
||
push:
|
||
branches: [ '**' ]
|
||
pull_request:
|
||
branches: [ '**' ]
|
||
schedule:
|
||
- cron: '0 2 * * *'
|
||
|
||
jobs:
|
||
# 分析任务配置
|
||
# 对C#代码进行静态分析扫描
|
||
analyze:
|
||
name: Analyze (C#)
|
||
runs-on: ubuntu-latest
|
||
permissions:
|
||
security-events: write
|
||
contents: read
|
||
|
||
steps:
|
||
- name: Checkout repository
|
||
uses: actions/checkout@v6
|
||
with:
|
||
fetch-depth: 0
|
||
|
||
# 设置.NET运行时环境
|
||
# 配置.NET 8.0.x版本支持
|
||
- name: Setup .NET
|
||
uses: actions/setup-dotnet@v5
|
||
with:
|
||
dotnet-version: |
|
||
8.0.x
|
||
|
||
# 初始化CodeQL分析环境
|
||
# 配置C#语言支持并启用自动构建模式
|
||
- name: Initialize CodeQL
|
||
uses: github/codeql-action/init@v4
|
||
with:
|
||
languages: csharp
|
||
build-mode: autobuild
|
||
|
||
# 执行CodeQL代码分析
|
||
# 运行静态分析并生成结果报告
|
||
- name: Perform CodeQL Analysis
|
||
uses: github/codeql-action/analyze@v4
|