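# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Find more information at:
# https://github.com/microsoft/msvc-code-analysis-action

name: Microsoft C++ Code Analysis

on:
  push:
    branches: [ "develop" ]
  pull_request:
    branches: [ "develop" ]
  schedule:
    - cron: '44 17 * * 1'

env:
  # Path to the CMake build directory.
  build: '${{ github.workspace }}/build'

# Default token scope for every job; the analyze job widens it only as needed.
permissions:
  contents: read

jobs:
  analyze:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    name: Analyze
    runs-on: windows-latest

    steps:
      # NOTE(review): @v4 is a mutable tag, unlike the SHA-pinned MSVC action
      # below; consider pinning to a full commit SHA for the same guarantee.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step performs git operations, so do not leave the job
          # token in .git/config where repository-controlled CMake code
          # (including code from pull requests) could read it.
          persist-credentials: false

      - name: Configure CMake
        run: cmake -B ${{ env.build }}

      # Build is not required unless generated source files are used
      # - name: Build CMake
      #   run: cmake --build ${{ env.build }}

      - name: Initialize MSVC Code Analysis
        uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
        # Provide a unique ID to access the sarif output path
        id: run-analysis
        with:
          cmakeBuildDirectory: ${{ env.build }}
          # Ruleset file that will determine what checks will be run
          ruleset: NativeRecommendedRules.ruleset

      # Gives each SARIF run its own category value ("run-0", "run-1", ...)
      # and writes the result next to the build output for the upload step.
      # NOTE(review): GitHub code scanning documents
      # runs[].automationDetails.id as the SARIF field that carries the
      # analysis category; confirm that properties.category is honoured.
      - name: Patch SARIF for GitHub upload
        shell: pwsh
        env:
          # Expression values are handed over as environment variables rather
          # than expanded into the script text, so a path can never be parsed
          # as PowerShell code.
          SARIF_IN: ${{ steps.run-analysis.outputs.sarif }}
          SARIF_OUT: ${{ env.build }}/results_fixed.sarif
        run: |
          $sarif = Get-Content -LiteralPath $env:SARIF_IN -Raw | ConvertFrom-Json
          $i = 0
          foreach ($run in $sarif.runs) {
            # Plain assignment to a property that is absent from a
            # deserialized object throws, so create the property bag and the
            # key when the analyzer did not emit them.
            if ($null -eq $run.properties) {
              $run | Add-Member -NotePropertyName properties -NotePropertyValue ([pscustomobject]@{}) -Force
            }
            $run.properties | Add-Member -NotePropertyName category -NotePropertyValue "run-$i" -Force
            $i++
          }
          $sarif | ConvertTo-Json -Depth 100 | Out-File -Encoding utf8 -LiteralPath $env:SARIF_OUT

      # NOTE(review): @v3 is a mutable tag; this step runs with
      # security-events: write, so a full commit SHA pin is worth considering.
      - name: Upload SARIF to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ env.build }}/results_fixed.sarif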