Neon-Vision-Editor/.github/workflows/codeql.yml
h3p 119cd5f2c7
Update CodeQL workflow for macOS and Xcode selection
Updated the CodeQL workflow to use macOS 15 for Swift and added steps for selecting the appropriate Xcode version.
2026-01-23 14:59:36 +01:00

104 lines
2.9 KiB
YAML

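# CodeQL code-scanning workflow. Analyzes the repository's GitHub Actions
# workflows and its Swift sources on pushes and pull requests to main, plus a
# weekly scheduled run.
#
# NOTE(review): the actions below are referenced by mutable tags (@v4). Pinning
# each one to a full commit SHA (placeholder form:
# `actions/checkout@<FULL_COMMIT_SHA>  # v4`) keeps a moved or re-pointed tag
# from silently changing the code that runs with this job's token.
name: "CodeQL Advanced"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    # Weekly: Mondays at 22:25 (GitHub evaluates cron schedules in UTC).
    - cron: '25 22 * * 1'

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    # Swift is analyzed on a macOS runner; every other language uses Linux.
    runs-on: ${{ (matrix.language == 'swift' && 'macos-15') || 'ubuntu-latest' }}
    # Job-scoped token permissions: only security-events is writable.
    permissions:
      # Needed to upload the analysis results to code scanning.
      security-events: write
      # Read-only scopes.
      packages: read
      actions: read
      contents: read
    strategy:
      # Let the other language finish even if one matrix leg fails.
      fail-fast: false
      matrix:
        include:
          # Workflow files need no build.
          - language: actions
            build-mode: none
          # Swift is compiled explicitly in the "Build" step below.
          - language: swift
            build-mode: manual
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config: the later steps build
          # project code and third-party Swift packages, none of which need
          # authenticated git access.
          persist-credentials: false

      # -------------------------
      # Select Xcode: prefers 16.1, then 16.0, then the default Xcode.app.
      # The candidates are hard-coded, so update this list when the runner
      # image changes.
      # -------------------------
      - name: Select Xcode (Swift only)
        if: matrix.language == 'swift'
        shell: bash
        run: |
          set -euo pipefail
          echo "Available Xcode installations:"
          ls -1 /Applications | grep Xcode || true
          if [ -d "/Applications/Xcode_16.1.app" ]; then
            sudo xcode-select -s "/Applications/Xcode_16.1.app/Contents/Developer"
          elif [ -d "/Applications/Xcode_16.0.app" ]; then
            sudo xcode-select -s "/Applications/Xcode_16.0.app/Contents/Developer"
          elif [ -d "/Applications/Xcode.app" ]; then
            sudo xcode-select -s "/Applications/Xcode.app/Contents/Developer"
          else
            echo "❌ No suitable Xcode installation found"
            exit 1
          fi
          echo "Using Xcode:"
          xcodebuild -version

      # -------------------------
      # Initialize CodeQL
      # -------------------------
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}

      # -------------------------
      # Manual Swift build (must run between init and analyze so that CodeQL
      # can observe the compilation).
      #
      # NOTE(review): dependency resolution fetches third-party Swift packages
      # at build time. If Package.resolved is committed, consider adding
      # -onlyUsePackageVersionsFromResolvedFile so CI only builds the recorded
      # versions. Confirm against the project before enabling.
      # -------------------------
      - name: Build (Swift / manual)
        if: matrix.build-mode == 'manual'
        shell: bash
        run: |
          set -euo pipefail
          PROJECT_PATH="Neon Vision Editor.xcodeproj"
          SCHEME_NAME="Neon Vision Editor"
          echo "Resolving Swift package dependencies…"
          xcodebuild -resolvePackageDependencies \
            -project "$PROJECT_PATH" \
            -scheme "$SCHEME_NAME"
          echo "Building project (code signing disabled)…"
          xcodebuild \
            -project "$PROJECT_PATH" \
            -scheme "$SCHEME_NAME" \
            -configuration Release \
            -sdk macosx \
            -destination 'platform=macOS' \
            CODE_SIGNING_ALLOWED=NO \
            CODE_SIGNING_REQUIRED=NO \
            build

      # -------------------------
      # Analyze and upload results, one category per matrix language.
      # -------------------------
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{ matrix.language }}"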