# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # # Find more information at: # https://github.com/microsoft/msvc-code-analysis-action name: Microsoft C++ Code Analysis on: push: paths-ignore: - 'docker-compose/**' - 'docs/**' - 'README.md' pull_request: schedule: - cron: '40 10 * * 0' env: # Path to the CMake build directory. build: '${{ github.workspace }}/build' config: 'Release' jobs: analyze: name: Analyze timeout-minutes: 60 runs-on: windows-latest steps: - name: Checkout repository uses: actions/checkout@v4 with: submodules: recursive - name: Configure CMake run: cmake -B ${{ env.build }} -DCMAKE_BUILD_TYPE=${{ env.config }} # Build is not required unless generated source files are used # - name: Build CMake # run: cmake --build ${{ env.build }} - name: Initialize MSVC Code Analysis uses: microsoft/msvc-code-analysis-action@96315324a485db21449515180214ecb78c16a1c5 # Provide a unique ID to access the sarif output path id: run-analysis with: cmakeBuildDirectory: ${{ env.build }} buildConfiguration: ${{ env.config }} # Ruleset file that will determine what checks will be run ruleset: NativeRecommendedRules.ruleset # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} # Upload SARIF file as an Artifact to download and view - name: Upload SARIF as an Artifact uses: actions/upload-artifact@v4 with: name: sarif-file path: ${{ steps.run-analysis.outputs.sarif }}