diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6922291..88adabd 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,38 +15,46 @@ env: PACKAGE_DIRECTORY: 'FunctionApp' jobs: - changes: + checkChanges: uses: ./.github/workflows/filter-changes.yml - build: - needs: changes - if: ${{ needs.changes.outputs.function-app == true }} - uses: ./.github/workflows/maven.yml - analyze: - needs: build - if: ${{ success() }} + needs: checkChanges + if: ${{ needs.checkChanges.outputs.functionApp == 'true' }} name: Analyze runs-on: windows-latest timeout-minutes: 30 permissions: - actions: read - contents: read security-events: write strategy: fail-fast: false matrix: - language: [ 'java' ] + language: [ 'java-kotlin' ] steps: + - name: Checkout Code + uses: actions/checkout@v4 + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} + # AFAIk, this is unavaoidable, since the CodeQL actions + # must be run in the same job as build actions. + - name: Setup Java Sdk ${{ env.JAVA_VERSION }} + uses: actions/setup-java@v4 + with: + distribution: 'microsoft' + java-version: ${{ env.JAVA_VERSION }} + cache: maven + + - name: Build with Maven + run: mvn -B package --file ${{ env.PACKAGE_DIRECTORY }}/pom.xml + - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/filter-changes.yml b/.github/workflows/filter-changes.yml index 6cdaa47..d440f0a 100644 --- a/.github/workflows/filter-changes.yml +++ b/.github/workflows/filter-changes.yml 
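Review bot: In the `analyze` job of codeql.yml, the `permissions` block now grants only `security-events: write`, and a job-level `permissions` map sets every scope it does not list to none. The same hunk adds an `actions/checkout@v4` step to this job, which needs `contents: read` to clone a private repository, and the CodeQL action also needs `actions: read` in that case. Whether this repository is private is not visible from the diff; if it is, keep `contents: read` and `actions: read` next to `security-events: write`. The workflow's `on:` triggers and other top-level keys are outside the hunk.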
@@ -3,6 +3,10 @@ name: "Filter Changes" on: workflow_dispatch: workflow_call: + outputs: + functionApp: + description: "Whether the FunctionApp directory has changed" + value: ${{ jobs.changes.outputs.functionApp }} jobs: changes: @@ -10,15 +14,15 @@ jobs: permissions: pull-requests: read outputs: - function-app: ${{ steps.filter.outputs.function-app }} + functionApp: ${{ steps.filter.outputs.functionApp }} steps: - name: 'Checkout GitHub Action' uses: actions/checkout@v4 - name: filter id: filter - uses: dorny/paths-filter@v2 + uses: dorny/paths-filter@v3 with: filters: | - function-app: + functionApp: - 'FunctionApp/**' \ No newline at end of file diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index bd63d04..19e8d5d 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -22,18 +22,11 @@ jobs: uses: actions/checkout@v4 - name: Setup Java Sdk ${{ env.JAVA_VERSION }} - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'microsoft' java-version: ${{ env.JAVA_VERSION }} cache: maven - - name: 'Restore Project Dependencies Using Mvn' - shell: pwsh - run: | - pushd './${{ env.PACKAGE_DIRECTORY }}' - mvn clean package - popd - - name: Build with Maven run: mvn -B package --file ${{ env.PACKAGE_DIRECTORY }}/pom.xml \ No newline at end of file
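Review bot: The new `functionApp` output under `workflow_call` in filter-changes.yml does not say that its value is a string, which is the detail callers need to compare it correctly. Workflow outputs are always strings, so a caller has to test `== 'true'`, as the codeql.yml change in this commit now does. I would make the description explicit, for example `description: "'true' if files under FunctionApp/ changed, otherwise 'false'"`.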
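Review bot: In the second filter-changes.yml hunk, `dorny/paths-filter@v3` is a third-party action referenced by a movable tag, so the code that runs in this job can change without any change in this repository. The job holds a token with `pull-requests: read` and its result decides whether the CodeQL job runs at all, so I would pin the action to a full commit SHA and keep the tag as a comment: `uses: dorny/paths-filter@<full-commit-sha-of-v3> # v3`. The SHA is a placeholder here; take it from the upstream release. The same applies, with lower priority, to the first-party `actions/*` and `github/codeql-action/*` references in the other hunks.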