Merge pull request #3676 from kubernetes-client/dependabot/maven/com.… #3559

	name: "CodeQL"

	on:
	push:
	branches: [ master ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ master ]
	schedule:
	- cron: '37 19 * * 0'

	permissions:
	contents: read

	jobs:
	analyze:
	permissions:
	actions: read # for github/codeql-action/init to get workflow details
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/autobuild to send a status report
	name: Analyze
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	language: [ 'java' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Setup Java
	uses: actions/setup-java@v4
	with:
	distribution: 'temurin'
	java-version: 17.0.x
	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}

	# See https://github.com/github/codeql/issues/13541 for the origins of this command
	# We can't use autobuild because it doesn't detect the right Java version
	- name: Build project
	run: ./mvnw clean package -f "pom.xml" -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dspotless.check.skip=true

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3

Provide feedback