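# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
# -- Runs CodeQL analysis for Java, filters the SARIF results down to
# -- hand-written sources, then uploads the filtered file to code scanning.
#
# -- NOTE(review): every action below is referenced by a mutable major-version
# -- tag. Pinning each `uses:` to a full commit SHA (with the tag kept as a
# -- trailing comment) protects the run against a retargeted tag. This matters
# -- most for the job's write-scoped steps and for the third-party filter step,
# -- which rewrites the results before they are uploaded.
name: CodeQL
on:
  # -- No branch filter: every push to any branch triggers a run
  push:
  pull_request:
    branches:
      - main
  # -- Weekly run, Wednesdays at 12:00 UTC
  schedule:
    - cron: '0 12 * * 3'
  # -- Allows other workflows to call this one as a reusable workflow
  workflow_call:
jobs:
  codeql:
    name: CodeQL
    runs-on: ubuntu-latest
    # -- Job-level permissions: only the scopes listed here are requested
    permissions:
      # -- Needed to checkout the repository
      contents: read
      # -- Needed to write security events
      security-events: write
    steps:
      - id: checkout-repository
        name: Checkout repository
        uses: actions/checkout@v6
        with:
          lfs: true
          submodules: recursive
          # -- The build step below executes code from the checked-out ref, so
          # -- do not leave the job token in the local git config after
          # -- checkout. No later step in this job runs authenticated git
          # -- commands.
          persist-credentials: false
      - id: setup-java
        name: Setup Java
        uses: actions/setup-java@v5
        with:
          distribution: temurin
          java-version-file: .java-version
      - id: setup-gradle
        name: Setup Gradle
        uses: gradle/actions/setup-gradle@v5
        with:
          gradle-version: wrapper
      # -- Must run before the build so CodeQL can observe the compilation
      - id: initialize-codeql
        name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: java
          queries: security-and-quality
      # -- Runs the repository's own Gradle build, i.e. code taken from the
      # -- ref being analysed (including pull request changes)
      - id: build
        name: Build
        run: ./gradlew --no-daemon build
      # -- Results are written to sarif-results/ and are not uploaded on
      # -- success (upload: failure-only); the filtered file is uploaded by
      # -- the upload-sarif-file step instead
      - id: analyze
        name: Analyze
        uses: github/codeql-action/analyze@v4
        with:
          category: '/language:java /queries:security-and-quality'
          output: sarif-results
          upload: failure-only
      # -- Keeps findings in *.java files and drops those under tool and build
      # -- output directories; the SARIF file is rewritten in place.
      # -- NOTE(review): the exclusions match a directory named bin, build or
      # -- run at any depth, so a source package with one of those names
      # -- would also have its findings dropped -- confirm that no such
      # -- package exists.
      - id: filter-sarif-file
        name: Filter SARIF file
        uses: advanced-security/filter-sarif@v1
        with:
          patterns: |
            +**/*.java
            -**/.gradle/**/*.java
            -**/.gradle/*.java
            -**/.settings/**/*.java
            -**/.settings/*.java
            -**/bin/**/*.java
            -**/bin/*.java
            -**/build/**/*.java
            -**/build/*.java
            -**/run/**/*.java
            -**/run/*.java
          input: sarif-results/java.sarif
          output: sarif-results/java.sarif
      # -- Uploads the filtered results; this is the step that needs
      # -- security-events: write
      - id: upload-sarif-file
        name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: sarif-results/java.sarif
      # -- Keeps the SARIF output as a workflow artifact for one day
      - id: upload-loc-build-artifact
        name: Upload loc build artifact
        uses: actions/upload-artifact@v6
        with:
          name: sarif-results
          path: sarif-results
          retention-days: 1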