| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # https://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| name: "CodeQL" |
| |
| on: |
| # allow direct trigger |
| workflow_dispatch: |
| push: |
| paths-ignore: |
| - '**/workflows/*.yml' |
| - 'src/docker/*' |
| branches: [ master ] |
| pull_request: |
| paths-ignore: |
| - '**/workflows/*.yml' |
| - 'src/docker/*' |
| # The branches below must be a subset of the branches above |
| branches: [ master ] |
| # schedule: |
| # - cron: '33 9 * * 4' |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| analyze: |
| name: Analyze |
| runs-on: ubuntu-latest |
| timeout-minutes: 10 |
| permissions: |
| actions: read |
| contents: read |
| security-events: write |
| |
| strategy: |
| max-parallel: 5 |
| fail-fast: false |
| matrix: |
| language: [ 'cpp', 'java' ] |
| java: [ 8 ] |
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] |
| # Learn more about CodeQL language support at https://git.io/codeql-language-support |
| |
| steps: |
| - name: Checkout repository |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| with: |
| persist-credentials: false |
| - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 #v5.0.4 |
| with: |
| path: ~/.m2/repository |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} |
| restore-keys: | |
| ${{ runner.os }}-maven- |
| |
| # Override Java default |
| # Java 11 complains about illegal access; drop this override when sorted |
| # Also complains: "Corrupted channel by directly writing to native stream in forked JVM 1" |
| - name: Set up JDK ${{ matrix.java }} |
| if: ${{ matrix.language == 'java' }} |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 |
| with: |
| distribution: 'zulu' |
| java-version: ${{ matrix.java }} |
| |
| # Initializes the CodeQL tools for scanning. |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 |
| with: |
| languages: ${{ matrix.language }} |
| # If you wish to specify custom queries, you can do so here or in a config file. |
| # By default, queries listed here will override any specified in a config file. |
| # Prefix the list here with "+" to use these queries and those in the config file. |
| # queries: ./path/to/local/query, your-org/your-repo/queries@main |
| |
| - name: Build with Maven |
| # -DargLine=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED (not with Java 8) |
| run: mvn -V package --no-transfer-progress -Drat.skip -Danimal.sniffer.skip |
| # make bootstrap |
| # make release |
| |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 |
