Skip to content

fix: captured variables stay readable after re-enabling a pause point while paused #2642

fix: captured variables stay readable after re-enabling a pause point while paused

fix: captured variables stay readable after re-enabling a pause point while paused #2642

Workflow file for this run

name: Security Code Scan
on:
push:
branches: [ main, develop, v3-beta ]
paths:
- 'Packages/src/**/*.cs'
- 'Assets/**/*.cs'
- 'cli/**/*.go'
- 'cli/.golangci.yml'
- 'cli/.go-version'
- '**/go.mod'
- '**/go.sum'
pull_request:
branches: [ main, v3-beta ]
paths:
- 'Packages/src/**/*.cs'
- 'Assets/**/*.cs'
- 'cli/**/*.go'
- 'cli/.golangci.yml'
- 'cli/.go-version'
- '**/go.mod'
- '**/go.sum'
workflow_dispatch:
jobs:
security-scan:
name: C# Security Analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Setup .NET
uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7
with:
dotnet-version: '6.0.x'
- name: Run SecurityCodeScan on Unity CLI Loop Package
run: |
# Create a temporary project file for scanning
cat > temp-unity-cli-loop.csproj << 'EOF'
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<Nullable>enable</Nullable>
<TreatWarningsAsErrors>false</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<Compile Include="Packages/src/**/*.cs" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="SecurityCodeScan.VS2019" Version="5.6.7" PrivateAssets="all" />
</ItemGroup>
</Project>
EOF
# Run dotnet build to trigger SecurityCodeScan analysis
dotnet restore temp-unity-cli-loop.csproj
# Build with continue on error and create a basic SARIF file if scanning fails
if ! dotnet build temp-unity-cli-loop.csproj --configuration Release --verbosity normal --no-restore; then
echo "SecurityCodeScan completed with warnings/errors - creating placeholder SARIF"
cat > security-results.sarif << 'SARIF_EOF'
{
"version": "2.1.0",
"$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.5",
"runs": [
{
"tool": {
"driver": {
"name": "SecurityCodeScan",
"informationUri": "https://security-code-scan.github.io/",
"version": "5.6.7"
}
},
"results": []
}
]
}
SARIF_EOF
else
echo "SecurityCodeScan completed successfully"
fi
- name: Upload SARIF results to GitHub
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa
if: always() && hashFiles('security-results.sarif') != ''
with:
sarif_file: security-results.sarif
category: "SecurityCodeScan"
- name: Upload security scan results as artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
if: always()
with:
name: security-scan-results
path: security-results.sarif
go-security:
name: Go CLI Security Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
with:
go-version-file: cli/.go-version
cache: false
- name: Install golangci-lint
run: |
go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.0
echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
- name: Check Go CLI
run: scripts/check-go-cli.sh
- name: Install govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
- name: Run govulncheck
run: |
for module_dir in cli/common cli/dispatcher cli/project-runner cli/release-automation; do
(cd "$module_dir" && govulncheck ./...)
done