Skip to content

CodeQL

CodeQL #566

name: "CodeQL"
on:
push:
branches: [develop, main]
pull_request:
branches: [develop]
schedule:
- cron: '0 7 * * 0'
jobs:
analyse:
name: Analyse
runs-on: ubuntu-latest
# dependeabot has on push events only read-only access, but codeql requires write access
if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
show-progress: false
- uses: actions/setup-java@v4
with:
java-version: 21
distribution: 'temurin'
cache: 'maven'
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java
- name: Build
run: mvn -B install -DskipTests
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3