Feature/security workflows

.github/workflows/codeql.yml

@@ -1,29 +1,13 @@
-name: CodeQL (Swift) - SAST
+name: CodeQL ( Swift ) - SAST
 
 on:
-  workflow_call:
-    inputs:
-      scheme:
-        description: 'xcodebuild scheme arg'
-        required: true
-        type: string
-      project:
-        description: 'xcodebuild project arg'
-        required: true
-        type: string
-      workspace:
-        description: 'Optional xcodebuild workspace arg'
-        required: false
-        type: string
-      command:
-        description: 'Optional application build command, overrides build-scheme and build-workspace'
-        required: false
-        type: string
-      timeout-minutes:
-        description: 'Optional override for larger builds'
-        required: false
-        default: 30
-        type: number
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+  workflow_dispatch:
 
 permissions:
   security-events: write
@@ -40,18 +24,22 @@ jobs:
   code-scanning:
     name: Code Scanning
     runs-on: macos-15
-    timeout-minutes: ${{ inputs.timeout-minutes }}
+    timeout-minutes: 30
     strategy:
       fail-fast: false
 
-    steps:     
+    steps:
+      - name: Capture start time
+        run: echo "start_time=$(date +%s)" >> $GITHUB_ENV
+        shell: bash
+
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Setup Xcode
         uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '${{ matrix.xcode_version }}'
+          xcode-version: '16.2'
 
       - name: Carthage [Setup cache]
         uses: actions/cache@v3
@@ -76,30 +64,27 @@ jobs:
           debug: true
 
       - name: xcodebuild (default)
-        if: ${{ inputs.build-command == '' }}
         run: |
-          project=${{ inputs.project }}
           os_version=17.5
           device="iPhone 15 Pro"
           destination="platform=iOS Simulator,name=${device},OS=${os_version}"
-
-          scheme=${{ inputs.scheme }}
+          scheme=HyperwalletUISDK
           build_dir=${HOME}/Library/Developer/Xcode/DerivedData/${scheme}
           source_packages=${build_dir}/SourcePackages
 
           args=(
             "-configuration Debug"
-            "-scheme ${scheme}"
-            "-project ${project}"
-            "-destination '${destination}'"
+            "-scheme HyperwalletUISDK"
             "-derivedDataPath ${build_dir}"
             "-clonedSourcePackagesDirPath ${source_packages}"
             "-disableAutomaticPackageResolution"
-            "-scmProvider system"            
+            "-scmProvider system"
+            "-destination 'generic/platform=iOS Simulator'"            
           )
 
-          if [[ -n "${{ inputs.build-workspace }}" ]]; then
-            args+=("-workspace ${{ inputs.build-workspace }}")
+          if [[ -n "HyperwalletUISDK.xcodeproj" ]]; then
+            t=1
+            #args+=("-workspace HyperwalletUISDK.xcodeproj")
           fi
 
           args+=("clean")
@@ -109,12 +94,17 @@ jobs:
           echo "${build_cmd}"
           eval "${build_cmd}"
 
-      - name: xcodebuild (custom)
-        if: ${{ inputs.build-command != '' }}
-        run: |
-          ${{ inputs.build-command }}
-
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
         with:
-          category: "/language:swift"
+          category: "/language:swift"
+
+      - name: DataDog
+        if: always() && github.event_name != 'merge_group'
+        uses: hyperwallet/public-security-workflows/datadog@main
+        with:
+          SOURCE: "CodeQL"
+          DATADOG_API_KEY: ${{ secrets.BUILD_SECURITY_PAYPAL_DATADOG_QA_TOKEN_PAYPAL_DATADOG_QA_TOKEN }}
+          BU_NAME: "Hyperwallet"
+          start_time: ${{ env.start_time }}
+          OUTCOME: "${{ steps.codeql.outcome }}"