Feature/security workflows #388

Merged
merged 11 commits into from
Jul 22, 2025
57 changes: 17 additions & 40 deletions .github/workflows/codeql.yml
@@ -1,29 +1,13 @@
name: CodeQL (Swift) - SAST
name: CodeQL ( Swift ) - SAST

on:
workflow_call:
inputs:
scheme:
description: 'xcodebuild scheme arg'
required: true
type: string
project:
description: 'xcodebuild project arg'
required: true
type: string
workspace:
description: 'Optional xcodebuild workspace arg'
required: false
type: string
command:
description: 'Optional application build command, overrides build-scheme and build-workspace'
required: false
type: string
timeout-minutes:
description: 'Optional override for larger builds'
required: false
default: 30
type: number
pull_request:
branches:
- master
push:
branches:
- master
workflow_dispatch:

permissions:
security-events: write
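Review bot: Dropping `workflow_call` and its `scheme`, `project`, `workspace`, `command` and `timeout-minutes` inputs from the `on:` block means this file can no longer be invoked as a reusable workflow, so any workflow that still references it with `uses:` and passes those inputs will fail; confirm no callers remain, or keep `workflow_call` alongside the new `pull_request`, `push` and `workflow_dispatch` triggers. The renamed title `CodeQL ( Swift ) - SAST` also picked up spaces inside the parentheses, which looks unintentional.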
Expand All @@ -40,7 +24,7 @@ jobs:
code-scanning:
name: Code Scanning
runs-on: macos-15
timeout-minutes: ${{ inputs.timeout-minutes }}
timeout-minutes: 30
strategy:
fail-fast: false

Expand All @@ -51,7 +35,7 @@ jobs:
- name: Setup Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '${{ matrix.xcode_version }}'
xcode-version: '16.2'

- name: Carthage [Setup cache]
uses: actions/cache@v3
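Review bot: The literal `xcode-version: '16.2'` replaces `${{ matrix.xcode_version }}`, but the job still declares a `strategy:` block (`fail-fast: false` in the previous hunk); if the matrix only supplied `xcode_version`, remove the strategy as well so no dead matrix setting is left behind. Since this is the security scanning workflow, also consider pinning `maxim-lobanov/setup-xcode@v1` to a full commit SHA instead of a movable tag.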
Expand All @@ -76,30 +60,28 @@ jobs:
debug: true

- name: xcodebuild (default)
if: ${{ inputs.build-command == '' }}
run: |
project=${{ inputs.project }}
os_version=17.5
device="iPhone 15 Pro"
destination="platform=iOS Simulator,name=${device},OS=${os_version}"

scheme=${{ inputs.scheme }}
scheme=HyperwalletUISDK
build_dir=${HOME}/Library/Developer/Xcode/DerivedData/${scheme}
source_packages=${build_dir}/SourcePackages

args=(
"-configuration Debug"
"-scheme ${scheme}"
"-project ${project}"
"-scheme HyperwalletUISDK"
"-destination '${destination}'"
"-derivedDataPath ${build_dir}"

Suggested change
"-destination '${destination}'"
"-destination 'generic/platform=iOS Simulator'"

"-clonedSourcePackagesDirPath ${source_packages}"
"-disableAutomaticPackageResolution"
"-scmProvider system"
"-scmProvider system"
"-destination 'generic/platform=iOS Simulator'"
)

if [[ -n "${{ inputs.build-workspace }}" ]]; then
args+=("-workspace ${{ inputs.build-workspace }}")
if [[ -n "HyperwalletUISDK.xcodeproj" ]]; then
t=1
#args+=("-workspace HyperwalletUISDK.xcodeproj")
fi

args+=("clean")
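Review bot: The block `if [[ -n "HyperwalletUISDK.xcodeproj" ]]; then` near the end of this hunk tests a non-empty string literal, so it is always true, and its body is only a placeholder `t=1` plus a commented-out `args+=`; delete the whole block rather than leaving dead code in the build script. The commented line would also pass an `.xcodeproj` to `-workspace`, which expects a workspace; if the project has to be named explicitly, `-project HyperwalletUISDK.xcodeproj` is the matching flag. Smaller points: `scheme=HyperwalletUISDK` is assigned but the args entry hard-codes the name again instead of using `${scheme}`, and if `-destination '${destination}'` is dropped in favour of `generic/platform=iOS Simulator`, the `os_version`, `device` and `destination` assignments are unused and can go too.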
Expand All @@ -109,11 +91,6 @@ jobs:
echo "${build_cmd}"
eval "${build_cmd}"

- name: xcodebuild (custom)
if: ${{ inputs.build-command != '' }}
run: |
${{ inputs.build-command }}

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
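Review bot: `eval "${build_cmd}"` in the context lines at the top of this hunk still executes an assembled string as shell, and it is no longer needed now that the `${{ inputs.build-command }}` step is gone and every argument is a fixed literal. Consider keeping each flag and its value as separate `args` elements and calling `xcodebuild "${args[@]}"` directly, which removes the `eval` and the nested quoting around `-destination`.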