feat(ci): migrate from Claude to GitHub Copilot code review #74
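---
name: CodeQL Security Analysis

on:
  push:
    branches: [master]
    # Path filtering moved to job level for push events
  pull_request:
    branches: [master]
    # Path filtering moved to job level using dorny/paths-filter
    # This ensures the workflow always runs and reports a status
  schedule:
    # Run weekly on Sunday at 00:00 UTC
    - cron: '0 0 * * 0'
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN: read-only. Jobs below override
# this with the narrowest set they actually need.
permissions: read-all

jobs:
  changes:
    name: Detect Changes
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # dorny/paths-filter lists a PR's changed files through the GitHub API
      # on pull_request events, which needs pull-requests: read; it is not
      # used on push events.
      pull-requests: read
    # Only run path detection for push/pull_request events
    if: github.event_name == 'push' || github.event_name == 'pull_request'
    outputs:
      should_analyze: ${{ steps.filter.outputs.src }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag. Pinning
      # to a full commit SHA (dorny/paths-filter@<commit-sha>  # v3) keeps a
      # moved or re-published tag from changing what runs with this token.
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            src:
              - 'UnityProject/Packages/com.jasonxudeveloper.jengine.core/**'
              - 'UnityProject/Packages/com.jasonxudeveloper.jengine.util/**'
              - 'UnityProject/Assets/HotUpdate/Code/**'
              - '.github/codeql/**'
              - '.github/workflows/codeql.yml'

  analyze:
    name: Analyze C# Code
    needs: changes
    # Run if: 1) changes detected, 2) schedule event, or 3) manual dispatch.
    # always() is required because `changes` is skipped on schedule and
    # workflow_dispatch, and a skipped dependency would otherwise skip this
    # job too. If `changes` fails, should_analyze is empty, so neither this
    # job nor skip-analyze runs and no "Analyze C# Code" status is reported.
    if: |
      always() && (
        needs.changes.outputs.should_analyze == 'true' ||
        github.event_name == 'schedule' ||
        github.event_name == 'workflow_dispatch'
      )
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      # Needed to upload SARIF results to code scanning
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: csharp
          config-file: ./.github/codeql/codeql-config.yml
          # Use security-and-quality queries for comprehensive analysis
          queries: security-and-quality
          # Use buildless mode for Unity projects (no standard .NET build)
          build-mode: none

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:csharp"

  # Placeholder job carrying the same display name as `analyze`, so the
  # reported status check is named "Analyze C# Code" whichever of the two
  # jobs runs for a push/pull_request event.
  skip-analyze:
    name: Analyze C# Code
    needs: changes
    # Only skip for push/pull_request when no relevant changes
    if: |
      always() &&
      (github.event_name == 'push' || github.event_name == 'pull_request') &&
      needs.changes.outputs.should_analyze == 'false'
    runs-on: ubuntu-latest
    # This job only echoes; it needs no GITHUB_TOKEN scopes at all, so do not
    # inherit the workflow-level read-all.
    permissions: {}
    steps:
      - name: Skip analysis
        run: echo "No relevant changes detected, skipping CodeQL analysis"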