external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-09-09 14:00:56 +00:00
Code Issues Projects Releases Wiki Activity

Add codeql workflow (#655)

Browse Source 
* Add codeql workflow

* Disable signing on codeql workflow

Updated build command to disable code signing.

* Archive

* Temporarily disable previews

* Try disabling hardening

* Release mode

* Previews

* Temporarily disable.

* Update xcodebuild command in codeql.yml

* Try swift build output

* Fix

* Revert "Fix"

This reverts commit 064172779a.

* Revert "Try swift build output"

This reverts commit a3aa982223.

* Reset most stuff back to main

* Cleanup workflows and limit a few jobs to read.

* .
This commit is contained in:
Max Goedjen 2025-09-03 23:46:21 -07:00 committed by GitHub
parent 3d5f0b45bd
commit e0c24917f2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 52 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
.github/workflows/codeql.yml vendored Normal file
View File

@ -0,0 +1,47 @@
name: "CodeQL Advanced"
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '26 15 * * 3'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
security-events: write
packages: read
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
# Disable this until CodeQL supports Xcode 26 builds.
# - language: swift
# build-mode: manual
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
- if: matrix.build-mode == 'manual'
name: "Select Xcode"
run: sudo xcrun xcode-select -s /Applications/Xcode_26.0.app
- if: matrix.build-mode == 'manual'
name: "Build"
run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

1
.github/workflows/nightly.yml vendored
View File

@ -7,7 +7,6 @@ on:
jobs: jobs:
build: build:
# runs-on: macOS-latest
runs-on: macos-15 runs-on: macos-15
permissions: permissions:
id-token: write id-token: write

6
.github/workflows/release.yml vendored
View File

@ -6,7 +6,8 @@ on:
- '*' - '*'
jobs: jobs:
test: test:
# runs-on: macOS-latest permissions:
contents: read
runs-on: macos-15 runs-on: macos-15
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
@ -25,12 +26,11 @@ jobs:
- name: Test - name: Test
run: swift test --build-system swiftbuild --package-path Sources/Packages run: swift test --build-system swiftbuild --package-path Sources/Packages
build: build:
# runs-on: macOS-latest
runs-on: macos-15
permissions: permissions:
id-token: write id-token: write
contents: write contents: write
attestations: write attestations: write
runs-on: macos-15
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v5

3
.github/workflows/test.yml vendored
View File

@ -3,7 +3,8 @@ name: Test
on: [push, pull_request] on: [push, pull_request]
jobs: jobs:
test: test:
# runs-on: macOS-latest permissions:
contents: read
runs-on: macos-15 runs-on: macos-15
timeout-minutes: 10 timeout-minutes: 10
steps: steps: