Skip to content

Checks: CodeQL

Checks: CodeQL #52

Workflow file for this run

name: "Checks: CodeQL"
on:
## Manual dispatch
workflow_dispatch: {}
## Sub-workflow call
workflow_call: {}
## Scheduled checks
schedule:
- cron: '41 8 * * 1'
env:
CI: true
BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }}
permissions:
contents: read
jobs:
check-codeql:
name: "Checks: CodeQL"
runs-on: ubuntu-latest
timeout-minutes: 120
permissions:
actions: read
contents: read
security-events: write
steps:
- name: "Setup: Harden Runner"
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-sudo: true
egress-policy: audit
- name: "Setup: Checkout"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: "Setup: JDK ${{ inputs.java_version || vars.JVM_VERSION }}"
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: ${{ inputs.java_version || vars.JVM_VERSION || '21' }}
distribution: ${{ inputs.jvm || vars.JVM_VARIANT || 'zulu' }}
- name: "Setup: Cache SonarCloud Packages"
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: "Setup: Cache Gradle Packages"
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
- name: "Setup: Initialize CodeQL"
uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
with:
languages: java-kotlin
- name: "CodeQL: Autobuild"
uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
- name: "CodeQL: Analysis"
uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
with:
category: "/language:java-kotlin"