This repository has been archived by the owner on Nov 19, 2024. It is now read-only.
Merge pull request #800 from jenkinsci/dependabot/maven/io.jenkins.pl… #612
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - main | |
| pull_request: | |
| branches: | |
| - master | |
| - main | |
| schedule: | |
| - cron: "32 3 * * 0" | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ java ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: temurin | |
| java-version: 17 | |
| cache: maven | |
| - name: Set up Maven | |
| uses: stCarolas/[email protected] | |
| with: | |
| maven-version: 3.9.3 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| queries: +security-and-quality | |
| - name: Build with Maven | |
| run: mvn -V --color always -ntp clean verify --file pom.xml -Pskip | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| with: | |
| upload: false | |
| output: sarif-results | |
| category: "/language:${{ matrix.language }}" | |
| - name: Filter SARIF results | |
| uses: advanced-security/filter-sarif@v1 | |
| with: | |
| patterns: | | |
| -**/*Assert* | |
| input: sarif-results/${{ matrix.language }}.sarif | |
| output: sarif-results/${{ matrix.language }}.sarif | |
| - name: Upload SARIF results | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: sarif-results/${{ matrix.language }}.sarif |