on-pullrequest-cs.yml

# SPDX-License-Identifier: Apache-2.0
# Licensed to the Ed-Fi Alliance under one or more agreements.
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
# See the LICENSE and NOTICES files in the project root for more information.

name: On Pull Request - C#

on:
  pull_request:
    branches:
      - main
    paths:
      - "**/*.cs"
      - "**/*.csproj"
      - ".github/workflows/on-pullrequest-cs.yml"
  workflow_dispatch:

jobs:
  scan-actions-bidi:
    name: Scan Actions, scan all files for BIDI Trojan Attacks
    uses: ed-fi-alliance-oss/ed-fi-actions/.github/workflows/repository-scanner.yml@main

  run-cs-tests:
    name: Run C# Tests
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: src
        shell: pwsh
    steps:
      - name: Checkout the Repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Setup .NET
        uses: actions/setup-dotnet@607fce577a46308457984d59e4954e075820f10a # v3.0.3
        with:
          global-json-file: src/global.json

      - name: Dependency Review ("Dependabot on PR")
        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3

      - name: Initialize CodeQL
        if: success()
        uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # codeql-bundle-v2.15.2
        with:
          languages: csharp

      # Must build the software after initialization of CodeQL; something about
      # CodeQL initialization causes the resulting build to fail unit tests.
      # Therefore rebuilding here, even though also built above.
      - name: Build for CodeQL
        run: dotnet build webapi --nologo

      - name: Perform CodeQL Analysis
        if: success()
        uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # codeql-bundle-v2.15.2