# This workflow focuses on enhancing code security and identifying
# potential vulnerabilities in the Java codebase. The workflow is triggered
# by push events to the "master" and "release" branches, as well as by
# a weekly schedule. It targets Java source files located in the "src" directory.
#
# This workflow is crucial for maintaining code security and quality by
# regularly analyzing the Java codebase for vulnerabilities and providing
# insights to address potential security issues.
#
# The workflow runs on both Ubuntu and Windows platforms for comprehensive
# code portability checks.

name: "CodeQL"

on:
  push:
    branches: [ "master", "release" ]
    # Only run when the specific file(s) are changed
    paths:
      - 'src/**/*.java'  # All Java source files

  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master", "release" ]
    # Only run when the specific file(s) are changed
    paths:
      - 'src/**/*.java'  # All Java source files

  schedule:
    - cron: '30 7 * * 6'

jobs:
  analyze:
    name: ${{ matrix.os }} / Analyze Code
    runs-on: ${{ matrix.os }}-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    env:
      language: java
      java-dist: temurin
      java-version: 11

    strategy:
      fail-fast: false
      matrix:
        os: [Ubuntu, Windows]  # Run on Ubuntu and Windows

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    # Setup the Java Virtual Machine
    - name: Setup JVM / ${{ matrix.os }}
      uses: actions/setup-java@v4
      with:
        distribution: ${{ env.java-dist }}
        java-version: ${{ env.java-version }}

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL / ${{ matrix.os }}
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ env.language }}

    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    # - name: Autobuild
    #   uses: github/codeql-action/autobuild@v2

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

    - name: Caching Dependencies / ${{ matrix.os }}
      uses: actions/cache@v3
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-maven-${{ hashfiles('**/pom.xml') }}
          ${{ runner.os }}-maven-

    - name: Build Project / ${{ matrix.os }}
      run: |
        echo "Building the project..."
        mvn clean install -Dskiptests  # Installing necessary packages without testing
        mvn test

    - name: Perform CodeQL Analysis / ${{ matrix.os }}
      uses: github/codeql-action/analyze@v2
      with:
        category: "/language:${{ env.language }}"