name: "CodeQL Code Scanning"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  merge_group:
    types: [checks_requested]
  pull_request:
  workflow_dispatch:

permissions: {}

jobs:
  CodeQL:
    runs-on: ubuntu-latest

    permissions:
      contents: read
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          submodules: "true"

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          config-file: ./.github/codeql/codeql-config.yml
          queries: security-and-quality
          languages: cpp, java

      - name: Setup dependencies
        uses: ./.github/actions/setup-dependencies
        with:
          build-type: Debug
          qt-version: 6.4.3

      - name: Configure and Build
        run: |
          cmake --preset linux -DLauncher_USE_PCH=OFF
          cmake --build --preset linux --config Debug

      - name: Run tests
        run: |
          ctest --preset linux --build-config Debug --extra-verbose --output-on-failure

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4