| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- name: CodeQL (daily)
- on:
- schedule:
- # daily at 1:30 UTC
- - cron: "30 1 * * *"
- workflow_dispatch:
- permissions:
- contents: read
- jobs:
- analyze:
- permissions:
- actions: read # for github/codeql-action/init to get workflow details
- security-events: write # for github/codeql-action/analyze to upload SARIF results
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - name: Free disk space
- run: .github/scripts/gha-free-disk-space.sh
- - name: Set up Java 17
- uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
- with:
- distribution: temurin
- java-version: 17.0.6
- - name: Initialize CodeQL
- uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
- with:
- languages: java
- # using "latest" helps to keep up with the latest Kotlin support
- # see https://github.com/github/codeql-action/issues/1555#issuecomment-1452228433
- tools: latest
- - uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0
- with:
- # skipping build cache is needed so that all modules will be analyzed
- arguments: assemble -x javadoc --no-build-cache --no-daemon
- - name: Perform CodeQL analysis
- uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
- workflow-notification:
- needs:
- - analyze
- if: always()
- uses: ./.github/workflows/reusable-workflow-notification.yml
- with:
- success: ${{ needs.analyze.result == 'success' }}
|
