feat: Integrate TfidfVectorizer with AiModelBuilder facade pattern #2170
Workflow file for this run
# Codacy Security Scan workflow.
#
# Checks out the repository, runs a Trivy filesystem scan over src/ and uploads
# that SARIF to GitHub code scanning, then runs the Codacy Analysis CLI.
# Only the Trivy SARIF reaches GitHub code scanning; the Codacy SARIF upload is
# disabled (see the commented-out step at the end of this file).
name: Codacy Security Scan

on:
  # Push and PR runs are path-filtered: a change that touches none of these
  # paths does not trigger a scan. The weekly schedule below is the only run
  # that is independent of which files changed.
  push:
    branches:
      - master
      - main
    paths:
      - "**.cs"
      - "**.csproj"
      - ".github/workflows/codacy.yml"
  pull_request:
    branches:
      - master
      - main
    paths:
      - "**.cs"
      - "**.csproj"
      - ".github/workflows/codacy.yml"
  schedule:
    # Mondays at 20:24 (GitHub evaluates cron schedules in UTC).
    - cron: "24 20 * * 1"

# Cancel in-progress runs for the same ref. The group is keyed on the ref only,
# so a push run and a scheduled run on the same branch share one group.
concurrency:
  group: "codacy-${{ github.ref }}"
  cancel-in-progress: true

# Workflow-wide default for GITHUB_TOKEN is read-only; the job below widens
# only what it needs.
permissions:
  contents: read

jobs:
  codacy-security-scan:
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    timeout-minutes: 60
    # Skip draft PRs. Push and schedule events carry no pull_request payload,
    # so this condition is true for them and the job runs.
    if: github.event.pull_request.draft != true
    permissions:
      contents: read
      # Needed by the upload-sarif step to publish results to code scanning.
      security-events: write
      actions: read
    steps:
      # The same "not a PR, or a PR with at most 150 changed files" condition is
      # repeated on checkout, Trivy, upload and Codacy. Keep all four in sync:
      # if one drifts, a later step runs against a workspace that was never
      # checked out.
      - name: Checkout code
        if: github.event_name != 'pull_request' || github.event.pull_request.changed_files <= 150
        # Pinned to a full commit SHA; the trailing tag is only a label. When
        # bumping, check that the new SHA really is the tagged release.
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6
        with:
          # Shallow clone for faster checkout
          fetch-depth: 1

      - name: Trivy filesystem scan (SARIF)
        # Must match checkout condition - only run if checkout happened
        if: github.event_name != 'pull_request' || github.event.pull_request.changed_files <= 150
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8  # v0.33.1
        with:
          scan-type: fs
          # Only src/ is scanned; anything outside it is not covered by this step.
          scan-ref: "${{ github.workspace }}/src"
          format: sarif
          output: trivy-results.sarif
          # Findings below HIGH, and findings with no fixed version available,
          # are left out of the report. No exit-code input is set, so this step
          # reports findings rather than failing the job on them.
          severity: "CRITICAL,HIGH"
          ignore-unfixed: true

      - name: Upload Trivy SARIF to GitHub Code Scanning
        # Must match checkout/Trivy conditions - only run if both checkout and
        # Trivy scan happened. Fork PRs are excluded as well: their token cannot
        # write security events, so the upload would fail.
        if: >-
          (github.event_name != 'pull_request' || github.event.pull_request.changed_files <= 150) &&
          (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork != true)
        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89  # v3
        with:
          sarif_file: trivy-results.sarif
          category: trivy-fs

      - name: Run Codacy Analysis CLI
        if: github.event_name != 'pull_request' || github.event.pull_request.changed_files <= 150
        uses: codacy/codacy-analysis-cli-action@562ee3e92b8e92df8b67e0a5ff8aa8e261919c08  # v4
        with:
          # Repository secrets are not passed to pull_request runs from forks,
          # so this value is empty for those runs.
          project-token: "${{ secrets.CODACY_PROJECT_TOKEN }}"
          output: results.sarif
          format: sarif
          gh-code-scanning-compat: true
          # Effectively removes the issue threshold. Together with
          # continue-on-error below, this step never fails the job: it is
          # advisory, not a merge gate.
          max-allowed-issues: 2147483647
          skip-uncommitted-files-check: true
          # Run only issue-finding tools (skip metrics/duplication) to keep PR
          # scans fast and avoid CI timeouts.
          tool: issues
          # Enable parallel analysis for faster execution
          parallel: 8
          # Avoid long-running tools hanging the PR check indefinitely.
          tool-timeout: 15minutes
          # Only analyze src directory (skip tests, benchmarks, examples)
          directory: "${{ github.workspace }}/src"
          # Workaround: Codacy's Trivy docker tool can emit CycloneDX SBOM JSON
          # which CodacyPlugins can't parse (missing expected `filename` field),
          # causing the job to hang/fail. Trivy coverage comes from the
          # dedicated Trivy step above instead.
          run-docker-tools: false
        # NOTE(review): results.sarif is written but no later step reads it, and
        # no `upload` input is set above. Confirm the findings actually reach
        # the Codacy dashboard, otherwise this step's output is discarded.
        continue-on-error: true

      - name: Skip notice (huge PR)
        # Security caveat: a PR with more than 150 changed files gets neither
        # the Trivy nor the Codacy scan. Its code is first scanned by the push
        # run after merge (if the path filter matches) or by the weekly run.
        if: github.event_name == 'pull_request' && github.event.pull_request.changed_files > 150
        run: |
          echo "Skipping Codacy Security Scan for huge PRs (>150 changed files)."
          echo "Reason: avoids timeouts and avoids new-code churn from repo-wide formatting diffs."

      # Note: the upload of the Codacy SARIF (results.sarif) to GitHub Code
      # Scanning is disabled because Codacy generates multi-run SARIF files,
      # which are no longer supported by GitHub Code Scanning.
      # See: https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/
      # We rely on CodeQL (codeql.yml) for GitHub Code Scanning and Codacy for
      # its own dashboard.
      # If this step is re-enabled, pin the action to a full commit SHA like
      # the steps above instead of the mutable @v4 tag.
      # - name: Upload SARIF results file
      #   uses: github/codeql-action/upload-sarif@v4
      #   if: always()
      #   with:
      #     sarif_file: results.sarif
      #     category: codacy-security-scan