Skip to content

CodeQL

CodeQL #977

Workflow file for this run

name: "CodeQL"
on:
push:
branches: [ "1.21.x" ]
pull_request:
branches: [ "1.21.x" ]
types:
- synchronize
- opened
- ready_for_review
- reopened
paths:
- '**.java'
schedule:
- cron: "57 19 * * 4"
jobs:
analyze:
name: Analyze
timeout-minutes: 60
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ java ]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 21
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
upload: false # disable the upload here - we will upload in a different action
output: sarif-results
- name: filter-sarif
uses: advanced-security/filter-sarif@v1
with:
# filter out NG generated MC sources
patterns: |
-build/tmp/.cache/**
-build/neoForm/**
input: sarif-results/${{ matrix.language }}.sarif
output: sarif-results/${{ matrix.language }}.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: sarif-results/${{ matrix.language }}.sarif