I have multiple .NET Framework solutions in my repository. How do I build them all?
If you have multiple .NET Framework applications in the same repository you can build them in parallel with a minor configuration change to ensure results are deduplication correctly.
Below is an example of a GitHub Actions workflow that builds multiple .NET Framework 4.x applications and runs a CodeQL scan.
name: CodeQL
on:
push:
branches: { }
pull_request:
branches: { }
schedule:
- cron: 20 12 * * 4
jobs:
analyze-csharp-solution-1:
name: 'Analyze C# Solution 1'
runs-on: windows-8-cores-latest
timeout-minutes: 30
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
lfs: true
- name: Setup MSBuild
uses: microsoft/setup-msbuild@v1
- name: Setup NuGet
uses: nuget/setup-nuget@v1
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: csharp
- name: Restore NuGet Packages
run: nuget restore <path>\<to>\<solution-1>.sln
- name: Build Solution
run: msbuild <path>\<to>\<solution-1>.sln /t:rebuild /p:Platform="Any CPU" /p:Configuration="Debug"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:csharp-solution-1'
analyze-csharp-solution-2:
name: 'Analyze C# Solution 2'
runs-on: windows-8-cores-latest
timeout-minutes: 30
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
lfs: true
- name: Setup MSBuild
uses: microsoft/setup-msbuild@v1
- name: Setup NuGet
uses: nuget/setup-nuget@v1
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: csharp
- name: Restore NuGet Packages
run: nuget restore <path>\<to>\<solution-2>.sln
- name: Build Solution
run: msbuild <path>\<to>\<solution-2>.sln /t:rebuild /p:Platform="Any CPU" /p:Configuration="Debug"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: '/language:csharp-solution-2'
In the example above we have two jobs, analyze-csharp-solution-1
and analyze-csharp-solution-2
. Each job is responsible for building and scanning a different .NET Framework solution. The key difference between the two jobs is the category
parameter in the github/codeql-action/analyze
action. This parameter is used to ensure that results are deduplicated correctly. You should set the category
parameter to a unique value for each solution. This will ensure that results are deduplicated correctly and that you can see the results for each solution separately in the CodeQL interface.
Building .NET Framework applications requires you to do some additional work. In particular, you must set up NuGet and MSBuild. You can see in the example above that we are using the microsoft/setup-msbuild
and nuget/setup-nuget
actions to do this.
Many .NET Framework applications also contain NuGet packages in the repository itself and many of these are tracked using Large File Storage (LFS). You can see in the example above that we are using the actions/checkout
action to checkout the repository and we are using the lfs: true
option to ensure that LFS files are checked out correctly. This is optional and will not affect your scan if you leave it enabled and your repository does not contain LFS files.
Once we’ve set up our build environment we then run the nuget
restore command to restore the NuGet packages, and then we run the msbuild
command to build the solution. Once the solution is built we can then run the CodeQL analysis using the github/codeql-action/analyze
action.