build.yml

name: Full Build
on:
  workflow_dispatch:
  push:
    branches: [ "main" ]
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build and analyze
    container: oraclelinux:8
    runs-on: ubuntu-latest
    steps:
      - name: Install prereqs
        run: |
          dnf install -y \
            jq \
            git \
            tar \
            libicu \
            curl
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: 'zulu' # Alternative distribution options are available.
      - name: Set up .Net 8
        uses: actions/setup-dotnet@v3.2.0
        with:
          dotnet-version: '8.0.200'
      - uses: actions/setup-node@v4
        with:
          node-version: 18
          architecture: 'x64'
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
        shell: bash
        run: |
          dotnet msbuild -restore ./InsecureProject.sln
          dotnet build ./InsecureProject.sln -m:1
      - name: Snyk
        uses: snyk/actions/dotnet@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: snyk.sarif
    permissions:
      pull-requests: write
      contents: write