Create codescan.yml (#26)

Signed-off-by: Sascha Ronnie Daoudia <85792632+Dadudidas@users.noreply.github.com>
2024-03-18 16:57:31 +01:00 · 2024-03-18 16:57:31 +01:00 · 03bf6c9330
commit 03bf6c9330
parent dd88c2fdee
1 changed files with 49 additions and 0 deletions
--- a/.github/workflows/codescan.yml
+++ b/.github/workflows/codescan.yml
@ -0,0 +1,49 @@
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 # This workflow requires that you have an existing account with codescan.io
 # For more information about configuring your workflow,
 # read our documentation at https://github.com/codescan-io/codescan-scanner-action
 name: CodeScan
 on:
  push:
    branches: [ "development" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "development" ]
  schedule:
    - cron: '25 6 * * 6'
 permissions:
  contents: read
 jobs:
    CodeScan:
        permissions:
          contents: read # for actions/checkout to fetch code
          security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
          actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
        runs-on: ubuntu-latest
        steps:
            -   name: Checkout repository
                uses: actions/checkout@v3
            -   name: Cache files
                uses: actions/cache@v3
                with:
                    path: |
                        ~/.sonar
                    key: ${{ runner.os }}-sonar
                    restore-keys: ${{ runner.os }}-sonar
            -   name: Run Analysis
                uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12
                with:
                    login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
                    organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
                    projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
            -   name: Upload SARIF file
                uses: github/codeql-action/upload-sarif@v2
                with:
                    sarif_file: codescan.sarif