Bump github/codeql-action from 3.26.8 to 3.27.4 #863
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# See https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions | |
name: analyze | |
on: | |
push: | |
branches: ['main', 'maintenance/*'] | |
paths: ['.github/**', '.mvn/**', 'src/**', 'eclipse-formatter-config.xml', 'pom.xml'] | |
pull_request: | |
branches: ['main', 'maintenance/*'] | |
paths: ['.github/**', '.mvn/**', 'src/**', 'eclipse-formatter-config.xml', 'pom.xml'] | |
schedule: | |
- cron: '0 0 * * 6' | |
permissions: | |
contents: 'read' | |
pull-requests: 'write' # Required by SonarCloud to comment PRs | |
security-events: 'write' # Required by all codeql-action workflows | |
jobs: | |
sonar: | |
# This workflow is only of value to the marcwrobel/jbanking repository and would always fail in forks | |
if: github.repository == 'marcwrobel/jbanking' | |
runs-on: 'ubuntu-latest' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis | |
- name: Set up Java | |
uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Cache SonarQube packages | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: '~/.sonar/cache' | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: '~/.m2/repository' | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-maven- | |
- name: Analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_LOGIN: ${{ secrets.SONAR_LOGIN }} | |
run: 'mvn --settings .mvn/settings.xml -B -P analyze verify sonar:sonar' | |
codeql: | |
runs-on: 'ubuntu-latest' | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
# We must fetch at least the immediate parents so that if this is a pull request then we can check out the head. | |
fetch-depth: 2 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 | |
with: | |
languages: 'java' | |
queries: 'security-and-quality' | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 |