feat: Improve OSSF score #2
Workflow file for this run
```yaml
# Software Name: OUDS Flutter
# SPDX-FileCopyrightText: Copyright (c) Orange SA
# SPDX-License-Identifier: MIT
#
# This software is distributed under the MIT license,
# the text of which is available at https://opensource.org/license/MIT/
# or see the "LICENSE" file for more details.
#
# Software description: Flutter library of reusable graphical components

name: CodeQL - SAST Analysis

on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop
  schedule:
    # Weekly scan: Mondays at 01:00 UTC
    - cron: '0 1 * * 1'
  workflow_dispatch:

# Workflow-level default for GITHUB_TOKEN: read-only access to repository contents
permissions:
  contents: read

jobs:
  analyze:
    # The job name refers to Dart, while the CodeQL language configured below is swift
    name: CodeQL SAST Analysis (Dart)
    runs-on: ubuntu-latest
    # Job-level permissions: security-events: write is needed to upload results to code scanning
    permissions:
      contents: read
      security-events: write
      actions: read
    steps:
      # Third-party actions are pinned to a full commit SHA, with the release tag kept as a comment
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      # Local composite action from this repository
      - name: Setup Flutter
        uses: ./.github/actions/setup

      - name: Initialize CodeQL
        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
        with:
          languages: swift
          queries: security-extended,security-and-quality

      # "|| true" lets the job continue even when the Flutter build fails
      - name: Build for CodeQL
        run: |
          cd app
          flutter build apk --debug || true

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
        with:
          category: "/language:swift"
          upload: always
```