mirror of
https://github.com/GeWuYou/GFramework.git
synced 2026-03-22 10:34:30 +08:00
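- Add a caching mechanism for MegaLinter to speed up code quality checks
- Add a caching mechanism for TruffleHog to improve security scan efficiency
- Extend the NuGet package cache paths to include more dependency directories
- Add a .NET tools cache to reduce repeated download time
- Change the CodeQL build mode from automatic to manual control
- Update the .NET version configuration to keep only 8.0.x support
- Adjust the repository checkout depth setting to optimize fetch speed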
57 lines
1.4 KiB
YAML
# GitHub Actions workflow configuration: CodeQL static code analysis
# This workflow analyzes the C# project for security vulnerabilities and code quality issues
name: "CodeQL"

# Trigger configuration
# The workflow is triggered in the following cases:
# 1. On pushes to the main branch
# 2. On pull requests targeting the main branch
# 3. Once a day at 02:00 (GitHub Actions evaluates cron schedules in UTC)
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '0 2 * * *'

jobs:
  # Analysis job configuration
  # Runs a static analysis scan of the C# code
  analyze:
    name: Analyze (C#)
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # Set up the .NET runtime environment
      # Configure .NET 8.0.x version support
      - name: Setup .NET
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: |
            8.0.x

      # Initialize the CodeQL analysis environment
      # Configure C# language support and enable manual build mode
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: csharp
          build-mode: manual
      # Build the project manually
      - name: Build
        run: dotnet build -c Release

      # Run the CodeQL code analysis
      # Run static analysis and generate the results report
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4