
build(deps): Bump github/codeql-action/analyze from 4.36.2 to 4.36.3 #580

Workflow file for this run

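# CI workflow: lints commit messages, then builds and tests with Maven and
# runs CodeQL, a Trivy filesystem scan, JUnit report publishing and Maven
# dependency submission.
name: CI
on:
  push:
    branches: ["main", "releases/**"]
  pull_request:
    branches: ["main", "releases/**"]
  workflow_dispatch:
# Default token scope for every job is read-only; a job that needs more
# has to declare it itself.
permissions:
  contents: read
jobs:
  commit-lint:
    runs-on: ubuntu-latest
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the release tag the SHA is meant to correspond to.
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Full history instead of a shallow clone (presumably so the
          # linter can see every commit in the range).
          fetch-depth: 0
          # Do not keep the job token configured for git after checkout;
          # as far as this file shows, no later step runs an authenticated
          # git command.
          persist-credentials: false
      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1
        with:
          # Advisory only: lint errors are reported without failing the job.
          failOnErrors: 'false'
  build:
    runs-on: ubuntu-latest
    # Write scopes used by the reporting steps below: security-events for
    # the SARIF uploads, checks and pull-requests for the test report and
    # its PR comment, contents presumably for dependency submission
    # (confirm each against the action's documentation).
    # NOTE(review): this job also runs `mvn -B verify`, i.e. the project's
    # own build and test code, on pull_request. Pull requests from forks get
    # a read-only token, so the write-dependent steps are expected to fail
    # or be skipped there; for branches in this repository the build runs
    # next to a writable token. Moving the reporting steps into a separate
    # job would keep these scopes away from the build.
    permissions:
      contents: write
      checks: write
      pull-requests: write
      security-events: write
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # The Maven build that follows executes repository code; do not
          # leave the job token configured for git where it can read it.
          persist-credentials: false
      # NOTE(review): init and upload-sarif are pinned at v4.36.2 while
      # analyze is at v4.36.3. All three are paths inside
      # github/codeql-action, so they would normally sit on one commit;
      # a Dependabot group for that repository keeps them in step. Confirm
      # the CodeQL Action accepts init and analyze from different releases.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
        with:
          languages: java-kotlin
      - name: Set up JDK 17
        uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
        with:
          # Quoted so the version stays a string.
          java-version: '17'
          distribution: 'temurin'
          cache: 'maven'
      # Runs between CodeQL init and analyze, so this build is the one
      # CodeQL observes.
      - name: Build and test
        run: mvn -B verify
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
        with:
          scan-type: fs
          format: sarif
          output: trivy-results.sarif
          # NOTE(review): with `format: sarif` the action may report every
          # severity regardless of this filter; check
          # `limit-severities-for-sarif` if only CRITICAL and HIGH should
          # reach code scanning. No `exit-code` is set, so findings are
          # reported rather than failing the job (confirm the default).
          severity: CRITICAL,HIGH
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
        # Upload even when an earlier step failed; the step itself will fail
        # if the scan never produced the SARIF file.
        if: always()
        with:
          sarif_file: trivy-results.sarif
          # Separate category so these results do not collide with the
          # CodeQL analysis uploaded from the same job.
          category: trivy
      - name: Publish Test Report
        uses: mikepenz/action-junit-report@3a81627bfac62268172037048872e8ebd4207e6d # v6.4.1
        # Publish the report for failed test runs as well.
        if: always()
        with:
          report_paths: '**/target/*-reports/TEST-*.xml'
          comment: 'true'
      - name: Submit Dependency Snapshot
        uses: advanced-security/maven-dependency-submission-action@b275d12641ac2d2108b2cbb7598b154ad2f2cee8 # v5.0.0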