fix: Use reusable CodeQL workflow from actions-common

glennawatson · glennawatson · commit 7c695303e587 · 2026-04-03T11:06:20.000+11:00
Replaces inline CodeQL workflow with the shared reusable workflow
from reactiveui/actions-common. Enables C# and Actions scanning.

Note: GitHub default CodeQL setup must be disabled in the repo
security settings before this workflow can upload results.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,4 +1,4 @@
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
@@ -13,63 +13,11 @@ permissions:
   contents: read
 
 jobs:
-  analyze-csharp:
-    name: Analyze C#
-    runs-on: ubuntu-latest
-    env:
-      DOTNET_CLI_WORKLOAD_UPDATE_NOTIFY_DISABLE: 1
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v6
-      with:
-        fetch-depth: 0
-
-    - name: Setup .NET Environment
-      uses: reactiveui/actions-common/.github/actions/dotnet-environment@main
-      with:
-        dotnet-versions: |
-          8.0.x
-          9.0.x
-          10.0.x
-        src-folder: src
-        solution-file: reactiveui.slnx
-        install-workloads: 'true'
-        use-nbgv: 'false'
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
-      with:
-        languages: csharp
-        build-mode: manual
-
-    - name: Build
-      uses: reactiveui/actions-common/.github/actions/dotnet-build@main
-      with:
-        configuration: Release
-        src-folder: src
-        solution-file: reactiveui.slnx
-        create-packages: 'false'
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4
-      with:
-        category: "/language:csharp"
-
-  analyze-actions:
-    name: Analyze GitHub Actions
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v6
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
-      with:
-        languages: actions
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4
-      with:
-        category: "/language:actions"
+  codeql:
+    uses: reactiveui/actions-common/.github/workflows/workflow-common-codeql.yml@main
+    with:
+      srcFolder: src
+      solutionFile: reactiveui.slnx
+      installWorkloads: true
+      analyzeCSharp: true
+      analyzeActions: true
