fix(ci): improve CodeQL analysis quality with Unity build

JasonXuDeveloper · claude · JasonXuDeveloper · commit 5ea2162177a1 · 2026-01-25T22:24:07.000+11:00
- Use game-ci/unity-builder to compile Unity scripts before CodeQL
  analysis for proper type information
- Create centralized .github/unity-config.env for Unity CI settings
- codeql.yml reads from config file at runtime
- unity-tests.yml defaults match config file (with comments)

This resolves the "Low C# analysis quality" warning by providing
CodeQL with compiled assemblies that have full type information.

Signed-off-by: JasonXuDeveloper - 傑 &lt;jason@xgamedev.net&gt;
Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.github/unity-config.env b/.github/unity-config.env
@@ -0,0 +1,8 @@
+# Unity CI Configuration
+# =====================
+# Centralized configuration for all Unity-related GitHub Actions workflows.
+# Update these values here to change them across all workflows.
+
+UNITY_VERSION=2022.3.55f1
+UNITY_PROJECT_PATH=UnityProject
+UNITY_TARGET_PLATFORM=StandaloneLinux64
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -4,7 +4,6 @@ on:
   push:
     branches: [master]
     paths:
-      # Only run when JEngine code changes
       - 'UnityProject/Packages/com.jasonxudeveloper.jengine.core/**'
       - 'UnityProject/Packages/com.jasonxudeveloper.jengine.util/**'
       - 'UnityProject/Assets/HotUpdate/Code/**'
@@ -19,7 +18,6 @@ on:
       - '.github/codeql/**'
       - '.github/workflows/codeql.yml'
   schedule:
-    # Run weekly on Sunday at 00:00 UTC
     - cron: '0 0 * * 0'
   workflow_dispatch:
 
@@ -35,16 +33,51 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          lfs: true
+
+      # Load centralized Unity configuration
+      - name: Load Unity config
+        id: unity-config
+        run: |
+          source .github/unity-config.env
+          echo "version=$UNITY_VERSION" >> $GITHUB_OUTPUT
+          echo "project_path=$UNITY_PROJECT_PATH" >> $GITHUB_OUTPUT
+          echo "target_platform=$UNITY_TARGET_PLATFORM" >> $GITHUB_OUTPUT
+
+      - name: Cache Unity Library
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.unity-config.outputs.project_path }}/Library
+          key: Library-CodeQL-${{ steps.unity-config.outputs.version }}-${{ hashFiles(format('{0}/Packages/packages-lock.json', steps.unity-config.outputs.project_path)) }}
+          restore-keys: |
+            Library-CodeQL-${{ steps.unity-config.outputs.version }}-
+            Library-CodeQL-
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4
         with:
           languages: csharp
           config-file: ./.github/codeql/codeql-config.yml
-          # Use security-and-quality queries for comprehensive analysis
           queries: security-and-quality
-          # Use buildless mode for Unity projects (no standard .NET build)
-          build-mode: none
+          build-mode: manual
+
+      - name: Compile Unity Scripts
+        uses: game-ci/unity-builder@v4
+        env:
+          UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+          UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+          UNITY_SERIAL: ${{ secrets.UNITY_SERIAL }}
+        with:
+          projectPath: ${{ steps.unity-config.outputs.project_path }}
+          unityVersion: ${{ steps.unity-config.outputs.version }}
+          targetPlatform: ${{ steps.unity-config.outputs.target_platform }}
+          buildName: CodeQL
+          customParameters: -nographics -quit
+
+      - name: Return Unity license
+        uses: game-ci/unity-return-license@v2
+        if: always()
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/unity-tests.yml b/.github/workflows/unity-tests.yml
@@ -1,23 +1,26 @@
 name: Unity Tests (Reusable)
 
+# Reusable workflow for running Unity tests
+# Default values should match .github/unity-config.env
+
 on:
   workflow_call:
     inputs:
       unity_version:
-        description: 'Unity version to use for testing'
+        description: 'Unity version (default from .github/unity-config.env)'
         required: false
         type: string
-        default: '2022.3.55f1'
+        default: '2022.3.55f1'  # Keep in sync with .github/unity-config.env
       test_mode:
         description: 'Test mode to run (All, EditMode, PlayMode)'
         required: false
         type: string
         default: 'All'
       project_path:
-        description: 'Path to Unity project directory'
+        description: 'Path to Unity project (default from .github/unity-config.env)'
         required: false
         type: string
-        default: 'UnityProject'
+        default: 'UnityProject'  # Keep in sync with .github/unity-config.env
     outputs:
       test_results:
         description: 'Test results summary'
@@ -38,13 +41,11 @@ jobs:
       results: ${{ steps.test-summary.outputs.summary }}
 
     steps:
-      # Checkout repository
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           lfs: true
 
-      # Cache Unity Library folder for faster builds
       - name: Cache Unity Library
         uses: actions/cache@v4
         with:
@@ -54,7 +55,6 @@ jobs:
             Library-${{ inputs.project_path }}-${{ inputs.unity_version }}-
             Library-${{ inputs.project_path }}-
 
-      # Run EditMode tests
       - name: Run EditMode tests
         if: inputs.test_mode == 'All' || inputs.test_mode == 'EditMode'
         uses: game-ci/unity-test-runner@v4
@@ -71,7 +71,6 @@ jobs:
           githubToken: ${{ secrets.GITHUB_TOKEN }}
           checkName: EditMode Test Results
 
-      # Run PlayMode tests
       - name: Run PlayMode tests
         if: inputs.test_mode == 'All' || inputs.test_mode == 'PlayMode'
         uses: game-ci/unity-test-runner@v4
@@ -88,7 +87,6 @@ jobs:
           githubToken: ${{ secrets.GITHUB_TOKEN }}
           checkName: PlayMode Test Results
 
-      # Upload test results as artifacts
       - name: Upload EditMode test results
         if: always() && (inputs.test_mode == 'All' || inputs.test_mode == 'EditMode')
         uses: actions/upload-artifact@v4
@@ -107,7 +105,6 @@ jobs:
           if-no-files-found: warn
           retention-days: 14
 
-      # Generate test summary
       - name: Generate test summary
         id: test-summary
         if: always()
@@ -139,7 +136,6 @@ jobs:
           echo -e "$SUMMARY" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
-      # Return Unity license
       - name: Return Unity license
         uses: game-ci/unity-return-license@v2
         if: always()
