.github/workflows/build.yml

﻿name: Full Build
on:
  workflow_dispatch:
  push:
    branches: [ "main" ]
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build and analyze
#    container: oraclelinux:8
    runs-on: ubuntu-latest
    steps:
#      - name: Install prereqs
#        run: |
#          dnf install -y \
#            jq \
#            git \
#            tar \
#            libicu \
#            curl
      - name: Set up .Net 8
        uses: actions/setup-dotnet@v3.2.0
        with:
          dotnet-version: '8.0.200'
      - uses: actions/setup-node@v4
        with:
          node-version: 18
          architecture: 'x64'
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
        shell: bash
        run: |
          dotnet msbuild -restore ./InsecureProject.sln
          dotnet build ./InsecureProject.sln -m:1
      - name: Snyk
        uses: snyk/actions/dotnet@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif --all-projects --detection-depth=5
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: snyk.sarif
    permissions:
      pull-requests: write
      contents: write
      security-events: write