fix: handle race conditions accessing elements in DOM #343
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax | |
| name: CodeQL | |
| on: # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows | |
| schedule: | |
| # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule | |
| - cron: "30 18 * * 1" # Mondays 18:30 UTC | |
| push: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/.project' | |
| - '**/.settings/*.prefs' | |
| - '.gitignore' | |
| - '.actrc' | |
| - 'Jenkinsfile' | |
| pull_request: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/.project' | |
| - '**/.settings/*.prefs' | |
| - '.gitignore' | |
| - '.actrc' | |
| - 'Jenkinsfile' | |
| workflow_dispatch: | |
| # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| JAVA_VERSION: 21 | |
| jobs: | |
| ########################################################### | |
| analyze: | |
| ########################################################### | |
| concurrency: | |
| group: codeql-${{ github.workflow }}-${{ github.ref }}-${{ matrix.language }} | |
| cancel-in-progress: true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # build-mode: https://github.com/github/codeql-action#build-modes | |
| - language: actions | |
| build-mode: none | |
| - language: java | |
| build-mode: manual | |
| # avoid build error: "CodeQL detected code written in Java/Kotlin, GitHub Actions, C/C++ and Python, | |
| # but not any written in JavaScript." | |
| #- language: javascript | |
| # build-mode: none | |
| - language: python | |
| build-mode: none | |
| name: Analyze (${{ matrix.language }}) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for all workflows | |
| security-events: write | |
| # required to fetch internal or private CodeQL packs | |
| packages: read | |
| # only required for workflows in private repositories | |
| actions: read | |
| contents: read | |
| timeout-minutes: 15 | |
| steps: | |
| - name: "Show: GitHub context" | |
| env: | |
| GITHUB_CONTEXT: ${{ toJSON(github) }} | |
| run: echo $GITHUB_CONTEXT | |
| - name: "Show: environment variables" | |
| run: env | sort | |
| - name: Git Checkout | |
| uses: actions/checkout@v6 # https://github.com/actions/checkout | |
| - name: "Install: JDK ${{ env.JAVA_VERSION }} ☕" | |
| uses: actions/setup-java@v5 # https://github.com/actions/setup-java | |
| if: matrix.language == 'java' | |
| with: | |
| distribution: temurin | |
| java-version: ${{ env.JAVA_VERSION }} | |
| - name: "Cache: Local Maven Repository" | |
| uses: actions/cache/restore@v5 | |
| if: matrix.language == 'java' | |
| with: | |
| # Excluded sub directory not working https://github.com/actions/toolkit/issues/713 | |
| path: | | |
| ~/.m2/repository/* | |
| !~/.m2/repository/.cache/tycho | |
| !~/.m2/repository/.meta/p2-artifacts.properties | |
| !~/.m2/repository/p2 | |
| !~/.m2/repository/*SNAPSHOT* | |
| key: ${{ runner.os }}-${{ runner.arch }}-repo-mvn-${{ hashFiles('**/pom.xml') }} | |
| - name: "Cache: Local Tycho Repository" | |
| uses: actions/cache/restore@v5 | |
| if: matrix.language == 'java' | |
| with: | |
| path: | | |
| ~/.m2/repository/.cache/tycho | |
| ~/.m2/repository/.meta/p2-artifacts.properties | |
| ~/.m2/repository/p2 | |
| key: ${{ runner.os }}-${{ runner.arch }}-repo-tycho-${{ hashFiles('target-platforms/target-platform-latest/target-platform-latest.target') }} | |
| # https://docs.github.com/en/code-security/code-scanning | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 # https://github.com/github/codeql-action | |
| with: | |
| languages: ${{ matrix.language }} | |
| # https://github.com/github/codeql-action#build-modes | |
| build-mode: ${{ matrix.build-mode }} | |
| # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-queries-in-ql-packs | |
| config-file: ./.github/codeql/codeql-config.yml | |
| - name: "Build with Maven 🔨" | |
| if: matrix.language == 'java' | |
| run: | | |
| set -euo pipefail | |
| MAVEN_OPTS="${MAVEN_OPTS:-}" | |
| MAVEN_OPTS+=" -Djava.security.egd=file:/dev/./urandom" # https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for/59097932#59097932 | |
| MAVEN_OPTS+=" -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" # https://stackoverflow.com/questions/5120470/how-to-time-the-different-stages-of-maven-execution/49494561#49494561 | |
| MAVEN_OPTS+=" -Xmx1024m -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dhttps.protocols=TLSv1.3,TLSv1.2" | |
| export MAVEN_OPTS | |
| echo "MAVEN_OPTS: $MAVEN_OPTS" | |
| ./mvnw \ | |
| --errors \ | |
| --no-transfer-progress \ | |
| --batch-mode \ | |
| --show-version \ | |
| -Declipse.p2.mirrors=false \ | |
| -Dtycho.p2.baseline.skip=true \ | |
| -Dmaven.test.skip=true \ | |
| clean verify | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 # https://github.com/github/codeql-action | |
| with: | |
| category: "/language:${{matrix.language}}" |