Skip to content

CodeQL

CodeQL #82

Workflow file for this run

name: "CodeQL"
# Triggers for when this workflow should run
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
# Scheduled run every Friday at 12:41 UTC
schedule:
- cron: '41 12 * * 5'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Define the operating system for the job (macOS for Swift, Ubuntu for others)
runs-on: ubuntu-latest
# Define timeout for the job based on the language (2 hours for Swift, 6 hours for others)
timeout-minutes: 360
# Define permissions required for the job
permissions:
security-events: write
actions: read
contents: read
# Define the matrix strategy for different languages
strategy:
fail-fast: false
matrix:
include:
- language: java-kotlin
# Define steps for the job
steps:
# Checkout the repository content
- name: Checkout repository
uses: actions/checkout@v4
# Set up JDK 17 for Java analysis
- name: set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
cache: gradle
- name: Setup Android SDK
uses: android-actions/setup-android@v3
# Create the local.properties file with CLIENT_ID and CLIENT_SECRET
- name: Create local.properties
run: |
echo "CLIENT_ID=${{ secrets.CLIENT_ID }}" >> local.properties
echo "CLIENT_SECRET=${{ secrets.CLIENT_SECRET }}" >> local.properties
# Initialize CodeQL tools for scanning
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: manual
- uses: gradle/actions/setup-gradle@v3
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
run: ./gradlew assembleFoss
# Perform CodeQL analysis
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"