Skip to content

Commit

Permalink
ci: add codeql workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
sebthom committed Nov 4, 2024
1 parent d57fb34 commit b13a717
Show file tree
Hide file tree
Showing 2 changed files with 138 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:
paths-ignore:
- '**/*.md'
- '.github/*.yml'
- '.github/workflows/codeql.yml'
- '.github/workflows/licensecheck.yml'
- '.github/workflows/validate_pr.yml'
- '**/.project'
Expand Down
137 changes: 137 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
name: CodeQL

on:
push:
branches: [ "main" ]
paths-ignore:
- '**/*.md'
- '.github/*.yml'
- '.github/workflows/build.yml'
- '.github/workflows/bump-version.yml'
- '.github/workflows/licensecheck.yml'
- '.github/workflows/validate_pr.yml'
- '**/.project'
- '**/.settings/*.prefs'
- '.gitignore'
- '.actrc'
- 'Jenkinsfile'
pull_request:
branches: [ "main" ]
paths-ignore:
- '**/*.md'
- '.github/*.yml'
- '.github/workflows/build.yml'
- '.github/workflows/bump-version.yml'
- '.github/workflows/licensecheck.yml'
- '.github/workflows/validate_pr.yml'
- '**/.project'
- '**/.settings/*.prefs'
- '.gitignore'
- '.actrc'
- 'Jenkinsfile'
workflow_dispatch:
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/


defaults:
run:
shell: bash


env:
JAVA_VERSION: 17


jobs:

###########################################################
analyze:
###########################################################

name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write

# required to fetch internal or private CodeQL packs
packages: read

# only required for workflows in private repositories
actions: read
contents: read

strategy:
fail-fast: false
matrix:
include:
# build-mode: https://github.com/github/codeql-action#build-modes
- language: java-kotlin
build-mode: none
- language: javascript-typescript
build-mode: none
- language: python
build-mode: none


steps:
- name: "Show: GitHub context"
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: echo $GITHUB_CONTEXT


- name: "Show: environment variables"
run: env | sort


- name: Git Checkout
uses: actions/checkout@v4 # https://github.com/actions/checkout


- name: "Install: JDK ${{ env.JAVA_VERSION }} ☕"
if: ${{ matrix.language == 'java-kotlin' }}
uses: actions/setup-java@v4 # https://github.com/actions/setup-java
with:
distribution: temurin
java-version: ${{ env.JAVA_VERSION }}
cache: maven


- name: "Cache: Local Maven Repository"
if: ${{ matrix.language == 'java-kotlin' }}
uses: actions/cache/restore@v4
with:
# Excluded sub directory not working https://github.com/actions/toolkit/issues/713
path: |
~/.m2/repository/*
!~/.m2/repository/.cache/tycho
!~/.m2/repository/.meta/p2-artifacts.properties
!~/.m2/repository/p2
!~/.m2/repository/*SNAPSHOT*
key: ${{ runner.os }}-${{ runner.arch }}-repo-mvn-${{ hashFiles('**/pom.xml') }}


- name: "Cache: Local Tycho Repository"
if: ${{ matrix.language == 'java-kotlin' }}
uses: actions/cache/restore@v4
with:
path: |
~/.m2/repository/.cache/tycho
~/.m2/repository/.meta/p2-artifacts.properties
~/.m2/repository/p2
key: ${{ runner.os }}-${{ runner.arch }}-repo-tycho-${{ hashFiles('target-platforms/oldest.target') }}


- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}


- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

0 comments on commit b13a717

Please sign in to comment.