Revert "Merge CodeQL & Build GitHub Actions (re. #2294) (#2307)"

This reverts commit 927c591.
google · Oct 26, 2023 · 294dd68 · 294dd68
1 parent a1c4f9f
commit 294dd68
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 37 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: "Build"
+name: "GitHub Actions: Build"
 
 # Controls when the action will run. Triggers the workflow on push or pull request
 # events for the `master` branch
@@ -22,34 +22,18 @@ on:
     tags:
       build*
   pull_request:
-    # The branches below must be a subset of the branches above
     branches: [ master ]
-  schedule:
-    # Run once a week (even if no new code or PRs) to detect random regressions
-    - cron: '32 13 * * 2'
-
 env:
   # Allow precise monitoring of the save/restore of Gradle User Home by `gradle-build-action`
   # See https://github.com/marketplace/actions/gradle-build-action?version=v2.1.1#cache-debugging-and-analysis
   GRADLE_BUILD_ACTION_CACHE_DEBUG_ENABLED: true
   GRADLE_BUILD_ACTION_CACHE_KEY_PREFIX: "fhir" # change this to invalidate cache
-
-  # A workflow run is made up of one or more jobs that can run sequentially or in parallel
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   # Build will compile APK, test APK and run tests, lint, etc.
   build:
-    runs-on: ubuntu-22.04-8core
-    timeout-minutes: 60
-    permissions:
-      actions: read
-      contents: read
-      # Required by codeql-action
-      security-events: write
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'java' ]
+    runs-on: ubuntu-22.04-8core
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
@@ -65,31 +49,17 @@ jobs:
           # Fetch origin/master for spotless ratchet to work
           # https://github.com/diffplug/spotless/issues/1242
           fetch-depth: 0
-
       - name: Setup machine
         uses: ./.github/actions/commonSetup
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: ${{ matrix.language }}
-
-      - name: Build (minimal, for CodeQL) with Gradle
-        run: ./gradlew --scan --full-stacktrace compileDebugAndroidTestSources
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
-        with:
-          category: "/language:${{matrix.language}}"
-
       - name: Spotless check
-        run: ./gradlew spotlessCheck --scan --full-stacktrace
+        run: ./gradlew spotlessCheck --scan --stacktrace
 
-      - name: Build (full) with Gradle
-        run: ./gradlew build --scan --full-stacktrace
+      - name: Build with Gradle
+        run: ./gradlew build --scan --stacktrace
 
       - name: Check with Gradle
-        run: ./gradlew check --scan --full-stacktrace
+        run: ./gradlew check --scan --stacktrace
 
       - name: Release artifacts to local repo
         run: ./gradlew publishReleasePublicationToCIRepository --scan

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -0,0 +1,51 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '32 13 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-22.04-8core
+    timeout-minutes: 60
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Switch to Java 17 from Eclipse Temurin distro
+      uses: actions/setup-java@v3
+      with:
+        java-version: 17
+        distribution: temurin
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    # TODO: use Autobuild instead of ./gradlew after https://github.com/github/codeql-action/issues/1417 is fixed
+    # - name: Autobuild
+    #   uses: github/codeql-action/autobuild@v2
+    - name: Build with Gradle
+      run: ./gradlew --scan --full-stacktrace -Dorg.gradle.dependency.verification=off compileDebugAndroidTestSources
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"