Add CodeQL configuration for security analysis (#1593)

clairernovotny · Copilot · web-flow · commit 019fb434cab4 · 2025-09-25T17:18:07.000-04:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -0,0 +1,9 @@
+name: humanizer-codeql
+queries:
+  - uses: security-extended
+  - uses: security-and-quality
+paths:
+  - src/Humanizer/
+paths-ignore:
+  - src/**/bin/**
+  - src/**/obj/**
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -14,8 +14,16 @@ name: "CodeQL Advanced"
 on:
   push:
     branches: [ "main" ]
+    paths:
+      - 'src/**'
+      - '.github/codeql/**'
+      - '.github/workflows/codeql.yml'
   pull_request:
     branches: [ "main" ]
+    paths:
+      - 'src/**'
+      - '.github/codeql/**'
+      - '.github/workflows/codeql.yml'
   schedule:
     - cron: '41 11 * * 2'
 
@@ -34,6 +42,7 @@ jobs:
       uses: actions/checkout@v4
       with:
         fetch-depth: 0
+        fetch-tags: true
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`
@@ -49,15 +58,13 @@ jobs:
       with:
         languages: csharp
         build-mode: manual
+        config-file: .github/codeql/codeql-config.yml
 
     - name: Build
       working-directory: src
       shell: pwsh
       run: |
-        dotnet --info
-        dotnet build -c Release --nologo --verbosity minimal
+        dotnet build Humanizer/Humanizer.csproj -c Release --nologo --verbosity minimal
          
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:csharp"
