Skip to content

CodeQL

CodeQL #2099

Workflow file for this run

name: "CodeQL"
"on":
workflow_dispatch: {}
workflow_call:
inputs: {}
secrets:
GRADLE_CONFIGURATION_KEY:
description: "Gradle cache key"
required: false
BUILDLESS_APIKEY:
description: "Buildless key"
required: false
schedule:
- cron: "0 0-23/2 * * *"
push:
branches:
- main
permissions:
contents: read
jobs:
analyze:
name: CodeQL
runs-on: ubuntu-latest
continue-on-error: true
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["java-kotlin"]
steps:
- name: "Setup: Harden Runner"
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: "Setup: Cache Restore (Build)"
id: cache-restore-build
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
key: pkl-v1-build-${{ hashFiles('gradle/libs.versions.toml') }}
restore-keys: |
pkl-v1-build-${{ hashFiles('gradle/libs.versions.toml') }}
pkl-v1-build-
pkl-v1-
pkl-
path: |
.gradle/
build/
.codebase/
.kotlin/
./*/build/bin
./*/build/classes
./*/build/kotlin
./*/build/klib
./*/build/generated
./*/build/generated-sources
- name: "Setup: Java 21"
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'adopt'
java-version: '21'
- name: "Setup: Initialize CodeQL"
uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
with:
config-file: ./.github/codeql/codeql-config.yml
languages: ${{ matrix.language }}
- name: "Analysis: Build"
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
continue-on-error: true
env:
CI: true
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
with:
cache-read-only: true
cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }}
arguments: |
compileKotlin
compileJava
assemble
-x test
-x check
- name: "Analysis: CodeQL"
uses: github/codeql-action/analyze@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3
continue-on-error: true