name: "CodeQL Advanced" on: push: branches: [ "main" ] pull_request: branches: [ "main" ] schedule: - cron: '25 22 * * 1' jobs: analyze: name: Analyze (${{ matrix.language }}) runs-on: ${{ (matrix.language == 'swift' && 'macos-14') || 'ubuntu-latest' }} permissions: security-events: write packages: read actions: read contents: read strategy: fail-fast: false matrix: include: - language: actions build-mode: none - language: swift build-mode: manual steps: - name: Checkout repository uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} # Manual build for Swift (required for CodeQL when autobuild fails) - name: Build (Swift / manual) if: matrix.build-mode == 'manual' shell: bash run: | set -euo pipefail # Show Xcode version for debugging xcodebuild -version # If you have an .xcworkspace, replace -project with -workspace. PROJECT_PATH="Neon Vision Editor.xcodeproj" SCHEME_NAME="Neon Vision Editor" # Resolve Swift Package dependencies (safe even if you don't use SwiftPM) xcodebuild -resolvePackageDependencies \ -project "$PROJECT_PATH" \ -scheme "$SCHEME_NAME" # Build without code signing on CI xcodebuild \ -project "$PROJECT_PATH" \ -scheme "$SCHEME_NAME" \ -configuration Release \ -sdk macosx \ -destination 'platform=macOS' \ CODE_SIGNING_ALLOWED=NO \ CODE_SIGNING_REQUIRED=NO \ build - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 with: category: "/language:${{ matrix.language }}"