diff --git a/.github/workflows/ci-codeql.yml b/.github/workflows/ci-codeql.yml
new file mode 100644
index 00000000..cb4e748a
--- /dev/null
+++ b/.github/workflows/ci-codeql.yml
@@ -0,0 +1,248 @@
+name: "CodeQL Advanced"
+
+concurrency:
+ group: codeql-${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+on:
+ push:
+ branches: [ "core" ]
+ pull_request:
+ branches: [ "core" ]
+ types: [ ready_for_review, synchronize, reopened ]
+ paths-ignore:
+ - '**/*.md'
+ - 'docs/**'
+ - '.github/ISSUE_TEMPLATE/**'
+ - '.github/*.md'
+ workflow_dispatch:
+ inputs:
+ full_scan:
+ description: "Run full CodeQL scan (ignore path filters)"
+ required: false
+ default: "false"
+ type: choice
+ options:
+ - "false"
+ - "true"
+
+jobs:
+ changes:
+ name: Detect Changed Areas
+ runs-on: ubuntu-latest
+ if: >
+ github.event_name != 'workflow_dispatch' ||
+ github.event.inputs.full_scan != 'true'
+ permissions:
+ contents: read
+ outputs:
+ actions: ${{ steps.filter.outputs.actions }}
+ csharp: ${{ steps.filter.outputs.csharp }}
+ cpp: ${{ steps.filter.outputs.cpp }}
+ javascript_typescript: ${{ steps.filter.outputs.javascript_typescript }}
+ python: ${{ steps.filter.outputs.python }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Detect Changes
+ id: filter
+ uses: dorny/paths-filter@v4
+ with:
+ filters: |
+ actions:
+ - '.github/workflows/**'
+ - '.github/actions/**'
+ - '.github/dependabot.yml'
+ - '.github/codeql-config.yml'
+ csharp:
+ - 'src/**/*.cs'
+ - 'src/**/*.csproj'
+ - 'src/**/*.props'
+ - 'src/**/*.targets'
+ - 'src/**/*.razor'
+ - 'src/**/*.razor.css'
+ - 'Directory.Packages.props'
+ - 'global.json'
+ - '.github/workflows/ci-codeql.yml'
+ - '.github/codeql-config.yml'
+ cpp:
+ - 'src/InfiniFrame.Native/**'
+ - 'native-vendor-deps.json'
+ - 'global.json'
+ - '.github/actions/setup-dependencies-native/**'
+ - '.github/workflows/ci-codeql.yml'
+ - '.github/codeql-config.yml'
+ javascript_typescript:
+ - 'src/**/*.js'
+ - 'src/**/*.jsx'
+ - 'src/**/*.ts'
+ - 'src/**/*.tsx'
+ - 'src/**/*.mjs'
+ - 'src/**/*.cjs'
+ - 'src/**/*.vue'
+ - 'src/**/*.html'
+ - 'src/**/package.json'
+ - 'src/**/package-lock.json'
+ - 'src/**/tsconfig*.json'
+ - 'src/**/vite.config.*'
+ - 'src/**/webpack.config.*'
+ - 'src/**/eslint.config.*'
+ - '.github/actions/**/*.js'
+ - '.github/actions/**/*.ts'
+ - '.github/workflows/ci-codeql.yml'
+ - '.github/codeql-config.yml'
+ python:
+ - '.github/scripts/**/*.py'
+ - '.github/scripts/**/*.pyi'
+ - '.github/scripts/**/pyproject.toml'
+ - '.github/scripts/**/requirements*.txt'
+ - '.github/scripts/**/Pipfile'
+ - '.github/scripts/**/Pipfile.lock'
+ - '.github/scripts/**/tox.ini'
+ - '.github/scripts/**/setup.cfg'
+ - 'scripts/**/*.py'
+ - 'scripts/**/*.pyi'
+ - 'scripts/**/pyproject.toml'
+ - 'scripts/**/requirements*.txt'
+ - 'scripts/**/Pipfile'
+ - 'scripts/**/Pipfile.lock'
+ - 'scripts/**/tox.ini'
+ - 'scripts/**/setup.cfg'
+ - '.github/workflows/ci-codeql.yml'
+ - '.github/codeql-config.yml'
+
+ analyze:
+ name: Analyze (${{ matrix.language }} on ${{ matrix.os }})
+ needs: changes
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 90
+
+ if: >
+ always() && (
+ needs.changes.result == 'success'
+ || (
+ github.event_name == 'workflow_dispatch'
+ && github.event.inputs.full_scan == 'true'
+ && needs.changes.result == 'skipped'
+ )) && (
+ github.event_name != 'pull_request'
+ || github.event.pull_request.draft == false
+ )
+
+ permissions:
+ contents: read
+ security-events: write
+ actions: read
+ packages: read
+ pull-requests: write
+ checks: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: actions
+ os: ubuntu-latest
+ build-mode: none
+ - language: c-cpp
+ os: ubuntu-latest
+ build-mode: manual
+ - language: c-cpp
+ os: windows-latest
+ build-mode: manual
+ - language: csharp
+ os: ubuntu-latest
+ build-mode: none
+ - language: javascript-typescript
+ os: ubuntu-latest
+ build-mode: none
+ - language: python
+ os: ubuntu-latest
+ build-mode: none
+
+ steps:
+ - name: Decide Whether to Analyze
+ id: should_analyze
+ shell: bash
+ env:
+ FULL_SCAN: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.full_scan == 'true' }}
+ LANGUAGE: ${{ matrix.language }}
+ ACTIONS_CHANGED: ${{ needs.changes.outputs.actions }}
+ CSHARP_CHANGED: ${{ needs.changes.outputs.csharp }}
+ CPP_CHANGED: ${{ needs.changes.outputs.cpp }}
+ JAVASCRIPT_TYPESCRIPT_CHANGED: ${{ needs.changes.outputs.javascript_typescript }}
+ PYTHON_CHANGED: ${{ needs.changes.outputs.python }}
+ run: |
+ should_run=false
+
+ if [[ "$FULL_SCAN" == "true" ]]; then should_run=true
+ elif [[ "$LANGUAGE" == "actions" && "$ACTIONS_CHANGED" == "true" ]]; then should_run=true
+ elif [[ "$LANGUAGE" == "csharp" && "$CSHARP_CHANGED" == "true" ]]; then should_run=true
+ elif [[ "$LANGUAGE" == "c-cpp" && "$CPP_CHANGED" == "true" ]]; then should_run=true
+ elif [[ "$LANGUAGE" == "javascript-typescript" && "$JAVASCRIPT_TYPESCRIPT_CHANGED" == "true" ]]; then should_run=true
+ elif [[ "$LANGUAGE" == "python" && "$PYTHON_CHANGED" == "true" ]]; then should_run=true
+ fi
+
+ echo "run=$should_run" >> "$GITHUB_OUTPUT"
+
+ - name: Checkout
+ if: steps.should_analyze.outputs.run == 'true'
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 1
+
+ - name: Setup .NET
+ if: steps.should_analyze.outputs.run == 'true'
+ uses: actions/setup-dotnet@v5
+ with:
+ dotnet-version: |
+ 8.x
+ 9.x
+ 10.x
+
+ - name: Setup CMake
+ if: steps.should_analyze.outputs.run == 'true' && matrix.language == 'c-cpp'
+ uses: lukka/get-cmake@latest
+
+ - name: Setup Native dependencies
+ if: steps.should_analyze.outputs.run == 'true' && matrix.language == 'c-cpp'
+ uses: ./.github/actions/setup-dependencies-native
+ # noinspection UndefinedParamsPresent
+ with:
+ apt-cache-version: 1.0
+ brew-cache-key: ${{ runner.os }}-${{ matrix.language }}-brew-native-${{ hashFiles('.github/actions/setup-dependencies-native/action.yml', '.github/workflows/codeql.yml') }}
+ brew-restore-key: ${{ runner.os }}-${{ matrix.language }}-brew-native-
+
+ - name: Initialize CodeQL
+ if: steps.should_analyze.outputs.run == 'true'
+ uses: github/codeql-action/init@v4
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ queries: security-extended,security-and-quality
+ config-file: ./.github/codeql-config.yml
+
+ - name: Restore C# (.slnx)
+ if: steps.should_analyze.outputs.run == 'true' && matrix.language == 'csharp' && matrix.build-mode == 'manual'
+ run: |
+ dotnet restore InfiniFrame.slnx /p:NoWarn=NU1503
+
+ - name: Build Native (CodeQL)
+ if: steps.should_analyze.outputs.run == 'true' && matrix.language == 'c-cpp'
+ shell: pwsh
+ run: |
+ dotnet build src/InfiniFrame.Native/InfiniFrame.Native.proj --configuration Release --no-restore -p:SolutionDir="${{ github.workspace }}/" -p:Platform=x64
+
+ - name: Build C# (.slnx)
+ if: steps.should_analyze.outputs.run == 'true' && matrix.language == 'csharp' && matrix.build-mode == 'manual'
+ run: |
+ dotnet build InfiniFrame.slnx --no-restore --configuration Release -p:InfiniFramePackAfterBuild=false
+
+ - name: Perform CodeQL Analysis
+ if: steps.should_analyze.outputs.run == 'true'
+ uses: github/codeql-action/analyze@v4
+ with:
+ category: "/language:${{ matrix.language }}"
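Review bot: The `analyze` job's `permissions` block adds `pull-requests: write` and `checks: write`, but no step visible in this file uses either; the CodeQL upload itself needs `security-events: write`, with the three read scopes already listed alongside it. The job token is available to every step, including `lukka/get-cmake@latest` (a mutable ref) and the `dotnet build` of the checked-out code. I would drop the two write scopes unless the local `setup-dependencies-native` action, which is not shown here, relies on them. I would also pin the third-party actions to a commit, e.g. `uses: lukka/get-cmake@<full-commit-sha>  # <release tag>`, and the same for `dorny/paths-filter@v4` in the `changes` job. Separately, `brew-cache-key` still hashes `.github/workflows/codeql.yml`, which this commit deletes, so edits to the workflow no longer change the key; it should read `hashFiles('.github/actions/setup-dependencies-native/action.yml', '.github/workflows/ci-codeql.yml')`.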
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 96eb9f57..00000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,158 +0,0 @@
-name: "CodeQL Advanced"
-
-concurrency:
- group: codeql-${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-on:
- push:
- branches: [ "core" ]
- pull_request:
- branches: [ "core" ]
- types: [ ready_for_review, synchronize, reopened ]
- paths-ignore:
- - '**/*.md'
- - 'docs/**'
- - '.github/ISSUE_TEMPLATE/**'
- - '.github/*.md'
- workflow_dispatch:
-
-jobs:
- changes:
- name: Detect Changed Areas
- runs-on: ubuntu-latest
- outputs:
- csharp: ${{ steps.filter.outputs.csharp }}
- cpp: ${{ steps.filter.outputs.cpp }}
- steps:
- - name: Checkout
- uses: actions/checkout@v6
- with:
- fetch-depth: 0
-
- - name: Detect Changes
- id: filter
- uses: dorny/paths-filter@v4
- with:
- filters: |
- csharp:
- - '**'
- - '!src/InfiniFrame.Native/**'
- cpp:
- - 'src/InfiniFrame.Native/**'
-
- analyze:
- name: Analyze (${{ matrix.language }} on ${{ matrix.os }})
- needs: changes
- runs-on: ${{ matrix.os }}
- timeout-minutes: 90
-
- if: >
- github.event_name != 'pull_request' ||
- github.event.pull_request.draft == false
-
- permissions:
- security-events: write
- packages: read
- actions: read
- contents: read
-
- strategy:
- fail-fast: false
- matrix:
- include:
- - language: actions
- os: ubuntu-latest
- build-mode: none
- - language: c-cpp
- os: ubuntu-latest
- build-mode: manual
- - language: c-cpp
- os: windows-latest
- build-mode: manual
- - language: csharp
- os: ubuntu-latest
- build-mode: none
- - language: javascript-typescript
- os: ubuntu-latest
- build-mode: none
- - language: python
- os: ubuntu-latest
- build-mode: none
-
- steps:
- - name: Determine Matrix Run
- id: gate
- shell: pwsh
- run: |
- $run = 'false'
- if ("${{ matrix.language }}" -eq "csharp" -and "${{ needs.changes.outputs.csharp }}" -eq "true") {
- $run = 'true'
- }
- elseif ("${{ matrix.language }}" -eq "c-cpp" -and "${{ needs.changes.outputs.cpp }}" -eq "true") {
- $run = 'true'
- }
- elseif ("${{ matrix.language }}" -ne "csharp" -and "${{ matrix.language }}" -ne "c-cpp") {
- $run = 'true'
- }
- "run=$run" >> $env:GITHUB_OUTPUT
-
- - name: Checkout
- if: steps.gate.outputs.run == 'true'
- uses: actions/checkout@v6
- with:
- fetch-depth: 1
-
- - name: Setup .NET
- if: steps.gate.outputs.run == 'true'
- uses: actions/setup-dotnet@v5
- with:
- dotnet-version: |
- 8.x
- 9.x
- 10.x
-
- - name: Setup CMake
- if: steps.gate.outputs.run == 'true' && matrix.language == 'c-cpp'
- uses: lukka/get-cmake@latest
-
- - name: Setup Native dependencies
- if: steps.gate.outputs.run == 'true' && matrix.language == 'c-cpp'
- # noinspection UndefinedAction
- uses: ./.github/actions/setup-dependencies-native
- # noinspection UndefinedParamsPresent
- with:
- apt-cache-version: 1.0
- brew-cache-key: ${{ runner.os }}-${{ matrix.language }}-brew-native-${{ hashFiles('.github/actions/setup-dependencies-native/action.yml', '.github/workflows/codeql.yml') }}
- brew-restore-key: ${{ runner.os }}-${{ matrix.language }}-brew-native-
-
- - name: Initialize CodeQL
- if: steps.gate.outputs.run == 'true'
- uses: github/codeql-action/init@v4
- with:
- languages: ${{ matrix.language }}
- build-mode: ${{ matrix.build-mode }}
- queries: security-extended,security-and-quality
- config-file: ./.github/codeql-config.yml
-
- - name: Restore C# (.slnx)
- if: steps.gate.outputs.run == 'true' && matrix.language == 'csharp' && matrix.build-mode == 'manual'
- run: |
- dotnet restore InfiniFrame.slnx /p:NoWarn=NU1503
-
- - name: Build Native (CodeQL)
- if: steps.gate.outputs.run == 'true' && matrix.language == 'c-cpp'
- shell: pwsh
- run: |
- dotnet build src/InfiniFrame.Native/InfiniFrame.Native.proj --configuration Release --no-restore -p:SolutionDir="${{ github.workspace }}/" -p:Platform=x64
-
- - name: Build C# (.slnx)
- if: steps.gate.outputs.run == 'true' && matrix.language == 'csharp' && matrix.build-mode == 'manual'
- run: |
- dotnet build InfiniFrame.slnx --no-restore --configuration Release -p:InfiniFramePackAfterBuild=false
-
- - name: Perform CodeQL Analysis
- if: steps.gate.outputs.run == 'true'
- uses: github/codeql-action/analyze@v4
- with:
- category: "/language:${{ matrix.language }}"
diff --git a/InfiniFrame.slnx b/InfiniFrame.slnx
index 00a11c5e..464c22b2 100644
--- a/InfiniFrame.slnx
+++ b/InfiniFrame.slnx
@@ -61,7 +61,7 @@
-
+