How do I build a .NET Framework Application on GitHub Actions?
.NET Framework is the precursor to .NET Core and .NET 5. It is a Windows-only framework that is not cross-platform. You can build and scan .NET Framework applications using GitHub Actions by leveraging a Windows runner.
Below is an example of a GitHub Actions workflow that builds a .NET Framework 4.x application and runs a CodeQL scan.
name: "CodeQL"

on:
  push:
    branches: [ main ]  # placeholder: list the branches you want scanned
  pull_request:
    branches: [ main ]  # placeholder: list the branches you want scanned
  schedule:
    - cron: '20 12 * * 4'

jobs:
  analyze-csharp:
    name: Analyze C#
    runs-on: windows-8-cores-latest
    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Setup MSBuild
        uses: microsoft/setup-msbuild@v1
      - name: Setup NuGet
        uses: nuget/setup-nuget@v1
      # CodeQL is initialized before the restore and build steps
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: csharp
      - name: Restore NuGet Packages
        run: nuget restore <path>\<to>\<solution>.sln
      - name: Build Solution
        run: msbuild <path>\<to>\<solution>.sln /t:rebuild /p:Platform="Any CPU" /p:Configuration="Debug"
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:csharp"
Building .NET Framework applications requires you to do some additional work. In particular, you must set up NuGet and MSBuild. You can see in the example above that we are using the microsoft/setup-msbuild and nuget/setup-nuget actions to do this.
Many .NET Framework applications also contain NuGet packages in the repository itself, and many of these are tracked using Large File Storage (LFS). You can see in the example above that we are using the actions/checkout action to check out the repository, with the lfs: true option to ensure that LFS files are checked out correctly. This is optional and will not affect your scan if you leave it enabled and your repository does not contain LFS files.
Once we’ve set up our build environment we then run the nuget restore command to restore the NuGet packages, and then we run the msbuild command to build the solution. Once the solution is built we can then run the CodeQL analysis using the github/codeql-action/analyze action.
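The following check is an added example, not part of the original page or of any GitHub tooling. It verifies the step order described above: when a workflow builds manually, CodeQL has to be initialized before msbuild runs and analyze has to come after the build. The function name step_order_problems, the sample workflow text and the solution name App.sln are constructed for illustration.

```python
import re

# Constructed sample: the uses:/run: steps of the workflow above, with a
# made-up solution name (App.sln) in place of the page's path placeholder.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: microsoft/setup-msbuild@v1
  - uses: nuget/setup-nuget@v1
  - uses: github/codeql-action/init@v3
  - run: nuget restore App.sln
  - run: msbuild App.sln /t:rebuild
  - uses: github/codeql-action/analyze@v3
"""

# Matches single-line "uses:" / "run:" entries; block scalars (run: |) are not handled.
STEP_RE = re.compile(r"^[ \t]*(?:-[ \t]+)?(uses|run):[ \t]*(\S.*?)[ \t]*$", re.M)


def step_order_problems(workflow_text):
    """Return ordering problems found in a workflow; an empty list means none."""
    steps = [(kind, value.strip("'\"")) for kind, value in STEP_RE.findall(workflow_text)]

    def first(kind, pattern):
        # Index of the first step of this kind whose value matches, else None.
        return next((i for i, (k, v) in enumerate(steps)
                     if k == kind and re.match(pattern, v, re.I)), None)

    init = first("uses", r"github/codeql-action/init@")
    analyze = first("uses", r"github/codeql-action/analyze@")
    restore = first("run", r"nuget(\.exe)?\s+restore\b")
    build = first("run", r"msbuild(\.exe)?\b")

    problems = []
    if init is None or analyze is None:
        problems.append("missing codeql-action init or analyze step")
    if build is None:
        problems.append("no msbuild step found")
    if None not in (init, build) and build < init:
        problems.append("msbuild runs before CodeQL init, so the build is not observed")
    if None not in (build, analyze) and analyze < build:
        problems.append("CodeQL analyze runs before the build")
    if None not in (restore, build) and build < restore:
        problems.append("msbuild runs before nuget restore")
    return problems


if __name__ == "__main__":
    for problem in step_order_problems(SAMPLE_WORKFLOW) or ["step order is sound"]:
        print(problem)
```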