Skip to content

Use NuGet lock files #2837

Use NuGet lock files

Use NuGet lock files #2837

Workflow file for this run

name: ASF-code-quality
on: [push, pull_request]
env:
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_NOLOGO: true
permissions:
checks: write
contents: write
pull-requests: write
security-events: write
jobs:
main:
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout code
if: github.event_name != 'pull_request'
uses: actions/checkout@v4.1.1
with:
show-progress: false
- name: Checkout code (for PR)
if: github.event_name == 'pull_request'
uses: actions/checkout@v4.1.1
with:
fetch-depth: 100 # History is required for pull request analysis
ref: ${{ github.event.pull_request.head.sha }} # To check out the actual pull request commit, not the merge commit
show-progress: false
- name: Run Qodana scan
uses: JetBrains/qodana-action@v2023.3.2
with:
args: --property=idea.headless.enable.statistics=false
env:
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
- name: Report Qodana results to GitHub
uses: github/codeql-action/upload-sarif@v3.24.10
with:
sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json