.github/workflows/msvc.yml - third_party/json - Git at Google

 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 #
 # Find more information at:
 # https://github.com/microsoft/msvc-code-analysis-action

 name: Microsoft C++ Code Analysis

 on:
   push:
     branches: [ "develop" ]
   pull_request:
     branches: [ "develop" ]
   schedule:
     - cron: '44 17 * * 1'

 env:
   # Path to the CMake build directory.
   build: '${{ github.workspace }}/build'

 permissions:
   contents: read

 jobs:
   analyze:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Analyze
     runs-on: windows-latest

     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

       - name: Configure CMake
         run: cmake -B ${{ env.build }}

       # Build is not required unless generated source files are used
       # - name: Build CMake
       #   run: cmake --build ${{ env.build }}

       - name: Initialize MSVC Code Analysis
         uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
         # Provide a unique ID to access the sarif output path
         id: run-analysis
         with:
           cmakeBuildDirectory: ${{ env.build }}
           # Ruleset file that will determine what checks will be run
           ruleset: NativeRecommendedRules.ruleset

       - name: Patch SARIF with unique categories
         shell: pwsh
         run: |
           $sarifPath = "${{ steps.run-analysis.outputs.sarif }}"
           $outputPath = "${{ env.build }}\results_fixed.sarif"

           $sarif = Get-Content $sarifPath -Raw | ConvertFrom-Json

           for ($i = 0; $i -lt $sarif.runs.Count; $i++) {
             $run = $sarif.runs[$i]

             # Ensure properties exists
             if ($null -eq $run.PSObject.Properties['properties']) {
               $run | Add-Member -NotePropertyName 'properties' -NotePropertyValue @{}
             }

             # Add or overwrite category
             $run.properties['category'] = "run-$i"
           }

           $sarif | ConvertTo-Json -Depth 100 | Set-Content -Encoding utf8 $outputPath
           Write-Host "✅ Wrote patched SARIF to $outputPath"

       # Upload SARIF file to GitHub Code Scanning Alerts
       - name: Upload SARIF to GitHub
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{ env.build }}/results_fixed.sarif

       # Upload SARIF file as an Artifact to download and view
       #- name: Upload SARIF as an Artifact
       #  uses: actions/upload-artifact@v4
       #  with:
       #    name: sarif-file
       #    path: ${{ steps.run-analysis.outputs.sarif }}
	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.
	#
	# Find more information at:
	# https://github.com/microsoft/msvc-code-analysis-action

	name: Microsoft C++ Code Analysis

	on:
	push:
	branches: [ "develop" ]
	pull_request:
	branches: [ "develop" ]
	schedule:
	- cron: '44 17 * * 1'

	env:
	# Path to the CMake build directory.
	build: '${{ github.workspace }}/build'

	permissions:
	contents: read

	jobs:
	analyze:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	name: Analyze
	runs-on: windows-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Configure CMake
	run: cmake -B ${{ env.build }}

	# Build is not required unless generated source files are used
	# - name: Build CMake
	# run: cmake --build ${{ env.build }}

	- name: Initialize MSVC Code Analysis
	uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
	# Provide a unique ID to access the sarif output path
	id: run-analysis
	with:
	cmakeBuildDirectory: ${{ env.build }}
	# Ruleset file that will determine what checks will be run
	ruleset: NativeRecommendedRules.ruleset

	- name: Patch SARIF with unique categories
	shell: pwsh
	run: \|
	$sarifPath = "${{ steps.run-analysis.outputs.sarif }}"
	$outputPath = "${{ env.build }}\results_fixed.sarif"

	$sarif = Get-Content $sarifPath -Raw \| ConvertFrom-Json

	for ($i = 0; $i -lt $sarif.runs.Count; $i++) {
	$run = $sarif.runs[$i]

	# Ensure properties exists
	if ($null -eq $run.PSObject.Properties['properties']) {
	$run \| Add-Member -NotePropertyName 'properties' -NotePropertyValue @{}
	}

	# Add or overwrite category
	$run.properties['category'] = "run-$i"
	}

	$sarif \| ConvertTo-Json -Depth 100 \| Set-Content -Encoding utf8 $outputPath
	Write-Host "✅ Wrote patched SARIF to $outputPath"

	# Upload SARIF file to GitHub Code Scanning Alerts
	- name: Upload SARIF to GitHub
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{ env.build }}/results_fixed.sarif

	# Upload SARIF file as an Artifact to download and view
	#- name: Upload SARIF as an Artifact
	# uses: actions/upload-artifact@v4
	# with:
	# name: sarif-file
	# path: ${{ steps.run-analysis.outputs.sarif }}