TotalFreedomMod/.github/workflows/codacy-analysis.yml

# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature.  For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.

name: Codacy Security Scan

on:
  push:
    branches: [ development ]
  pull_request:
    branches: [ development ]

jobs:
  codacy-security-scan:
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
        uses: actions/checkout@v3

      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@v4.2.0
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          # Adjust severity of non-security issues
          gh-code-scanning-compat: true
          # Force 0 exit code to allow SARIF file generation
          # This will handover control about PR rejection to the GitHub side
          max-allowed-issues: 2147483647

      # Upload the SARIF file generated in the previous step
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
Create codacy-analysis.yml 2020-12-02 20:23:31 +00:00			`# This workflow checks out code, performs a Codacy security scan`
			`# and integrates the results with the`
			`# GitHub Advanced Security code scanning feature. For more information on`
			`# the Codacy security scan action usage and parameters, see`
			`# https://github.com/codacy/codacy-analysis-cli-action.`
			`# For more information on Codacy Analysis CLI in general, see`
			`# https://github.com/codacy/codacy-analysis-cli.`

			`name: Codacy Security Scan`

			`on:`
			`push:`
			`branches: [ development ]`
			`pull_request:`
			`branches: [ development ]`

			`jobs:`
			`codacy-security-scan:`
			`name: Codacy Security Scan`
			`runs-on: ubuntu-latest`
			`steps:`
			`# Checkout the repository to the GitHub Actions runner`
			`- name: Checkout code`
Bump actions/checkout from 2 to 3 (#202) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-06-05 15:29:29 +00:00			`uses: actions/checkout@v3`
Create codacy-analysis.yml 2020-12-02 20:23:31 +00:00
			`# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis`
			`- name: Run Codacy Analysis CLI`
Bump codacy/codacy-analysis-cli-action from 4.1.0 to 4.2.0 (#269) Bumps [codacy/codacy-analysis-cli-action](https://github.com/codacy/codacy-analysis-cli-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/codacy/codacy-analysis-cli-action/releases) - [Commits](https://github.com/codacy/codacy-analysis-cli-action/compare/v4.1.0...v4.2.0) --- updated-dependencies: - dependency-name: codacy/codacy-analysis-cli-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan <Wild1145@users.noreply.github.com> 2022-11-03 12:20:56 +00:00			`uses: codacy/codacy-analysis-cli-action@v4.2.0`
Create codacy-analysis.yml 2020-12-02 20:23:31 +00:00			`with:`
			`# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository`
			`# You can also omit the token and run the tools that support default configurations`
			`project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}`
			`verbose: true`
			`output: results.sarif`
			`format: sarif`
			`# Adjust severity of non-security issues`
			`gh-code-scanning-compat: true`
			`# Force 0 exit code to allow SARIF file generation`
			`# This will handover control about PR rejection to the GitHub side`
			`max-allowed-issues: 2147483647`

			`# Upload the SARIF file generated in the previous step`
			`- name: Upload SARIF results file`
Bump github/codeql-action from 1 to 2 (#225) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-06-04 23:15:42 +00:00			`uses: github/codeql-action/upload-sarif@v2`
Create codacy-analysis.yml 2020-12-02 20:23:31 +00:00			`with:`
			`sarif_file: results.sarif`