Merge pull request #137 from ecos-umons/tommens-patch-11 #289
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CodeQL security analysis for Java | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: '42 1 * * 2' | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: compiling and security scanning | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 360 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Set up with Java 17 | |
| uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 17 | |
| cache: 'maven' | |
| - name: Initialize CodeQL for security scanning | |
| uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 | |
| with: | |
| languages: 'java-kotlin' | |
| - name: Compile Java source code with Maven | |
| run: mvn -B compile --file pom.xml | |
| # unit tests are not run since they are not required for the CodeQL security analysis | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 | |
| with: | |
| category: "/language:java-kotlin" | |