Merge pull request #7 from DFE-Digital/feature/implement-codeql-and-d…

…ependabot

Added yml to run codeql against project

.github/actions/codeql-and-dependency-checks/action.yml

@@ -0,0 +1,20 @@
+name: Run CodeQL and dependency review
+description: Runs CodeQL checks as well as dependency checks for issues.
+
+runs:
+  using: composite
+
+  steps:
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: csharp, javascript
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+
+    - name: 'Dependency Review'
+      uses: actions/dependency-review-action@v4

.github/dependabot.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: 'daily'
+    labels:
+      - github-actions
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: 'weekly'
+    labels:
+      - docker
+
+  - package-ecosystem: nuget
+    directory: /
+    schedule:
+      interval: 'daily'
+    labels:
+      - nuget

.github/workflows/code-pr-check.yml

@@ -24,7 +24,7 @@ env:
 jobs:
 
   build-app:  
-    name: Build and run unit tests
+    name: Build, check and run tests
     runs-on: ubuntu-22.04
 
     steps:
@@ -36,6 +36,9 @@ jobs:
         with:
           dotnet_version: ${{ env.DOTNET_VERSION }}  
           solution_filename: ${{ env.SOLUTION_NAME }}
+
+      - name: Run CodeQL and dependency checks
+        uses: ./.github/actions/codeql-and-dependency-checks
 
       - name: Run unit tests
         uses: ./.github/actions/run-unit-tests