CodeQL #172
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
# Triggers for when this workflow should run | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
# Scheduled run every Friday at 12:41 UTC | |
schedule: | |
- cron: '41 12 * * 5' | |
jobs: | |
analyze: | |
name: Analyze (${{ matrix.language }}) | |
# Define the operating system for the job (macOS for Swift, Ubuntu for others) | |
runs-on: ubuntu-latest | |
# Define timeout for the job based on the language (2 hours for Swift, 6 hours for others) | |
timeout-minutes: 360 | |
# Define permissions required for the job | |
permissions: | |
security-events: write | |
actions: read | |
contents: read | |
# Define the matrix strategy for different languages | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- language: java-kotlin | |
# Define steps for the job | |
steps: | |
# Checkout the repository content | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Set up JDK 21 for Java analysis | |
- name: set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
cache: gradle | |
- name: Setup Android SDK | |
uses: android-actions/setup-android@v3 | |
# Create the local.properties file with CLIENT_ID and CLIENT_SECRET | |
- name: Create local.properties | |
run: | | |
echo "CLIENT_ID=${{ secrets.CLIENT_ID }}" >> local.properties | |
echo "CLIENT_SECRET=${{ secrets.CLIENT_SECRET }}" >> local.properties | |
- name: Create Google Service file | |
run: echo ${{ secrets.GOOGLE_SERVICES_JSON }} | base64 -di >> /home/runner/work/Metadator/Metadator/app/google-services.json | |
# Initialize CodeQL tools for scanning | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
build-mode: manual | |
- uses: gradle/actions/setup-gradle@v3 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Build with Gradle | |
run: ./gradlew assembleFoss | |
- name: Upload APK | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Metadator-${{ github.sha }}.apk | |
path: app/build/outputs/apk/foss/*.apk | |
# Perform CodeQL analysis | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{matrix.language}}" |