chore(deps): bump com.google.guava:guava from 31.1-jre to 32.0.0-jre #5

Workflow file for this run

.github/workflows/codeql-analysis.managed.yaml at 44377c0

	# THIS CODE WAS AUTOGENERATED. DO NOT MODIFY THIS FILE DIRECTLY
	# THE SOURCE CODE LIVES IN A DIFFERENT REPOSITORY:
	# - centralized-templates
	# FILE STEWARD: @pleo-io/security

	name: CodeQL Analysis

	on:
	push:
	branches:
	- main
	- master
	- develop
	pull_request:
	branches:
	- main
	- master
	- develop

	env:
	language_Kotlin: "java"
	language_Java: "java"
	language_Go: "go"
	language_Python: "python"
	language_JavaScript: "javascript"
	language_TypeScript: "javascript"
	WORKING_LANGUAGE: ""
	CONFIG_FILE: ""
	RUN_ON_DEFAULT_BRANCH: true
	GRADLE_SCRIPT_PATH: ./gradlew
	RUN_WIZCLI_DEPS_SCAN: <<runWizCliDepsScan>>>

	jobs:
	preflight:
	name: Determine if CodeQL should run
	runs-on: ubuntu-latest
	outputs:
	should_run_analyze: ${{ steps.maybe_skip_analyze.outputs.should_run_analyze }}
	working_language: ${{steps.working_language_step.outputs.WORKING_LANGUAGE}}
	steps:
	- uses: winterjung/split@a211a1c46e35fcdc4097d59dd6282d4a9859651b # v2
	id: split
	with:
	msg: ${{ github.repository }}
	separator: "/"
	- id: get_default_branch
	name: Determine our default branch
	uses: octokit/[email protected]
	with:
	route: GET /repos/{owner}/{repo}
	owner: ${{ github.repository_owner }}
	repo: ${{ steps.split.outputs._1 }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- id: set_default_branch
	name: Set our default branch
	run: echo "DEFAULT_BRANCH=${{ fromJson(steps.get_default_branch.outputs.data).default_branch }}" >> "$GITHUB_ENV"
	- id: maybe_skip_analyze
	name: Check if analyze should run
	shell: bash
	run: \|
	if [[ "${{ env.RUN_ON_DEFAULT_BRANCH }}" == "false" && "${{ github.ref }}" == "refs/heads/${{ env.DEFAULT_BRANCH }}" && "${{ github.event_name }}" == "push" ]]; then
	echo "Skipping CodeQL analysis on main branch due to configuration"
	echo "should_run_analyze=false" >> "$GITHUB_OUTPUT"
	else
	echo "Running CodeQL analysis"
	echo "should_run_analyze=true" >> "$GITHUB_OUTPUT"
	fi
	- id: working_language_step
	name: We check if the repository language is supported by CodeQL
	run: echo "WORKING_LANGUAGE=${{env[format('language_{0}', github.event.repository.language)]}}" >> "$GITHUB_OUTPUT"

	wiz-cli:
	name: Wiz-CLI
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.pull_request.labels.*.name, 'feature-deploy') && (github.ref != 'refs/heads/main' \|\| github.event_name != 'push') }}
	steps:
	- name: Scan Dependencies with Wiz-CLI
	uses: pleo-io/reusable-actions/wizcli@main
	if: ${{ env.RUN_WIZCLI_DEPS_SCAN == 'true' }}
	with:
	scan_deps: ${{ env.RUN_WIZCLI_DEPS_SCAN }}
	deps_scan_path: .
	deps_policy: Pleo-Default-vulnerabilities-policy
	wiz_client_id: ${{ secrets.WIZ_CLIENT_ID }}
	wiz_client_secret: ${{ secrets.WIZ_CLIENT_SECRET }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	analyze-code:
	name: Analyze code with CodeQL
	if: ${{ (needs.preflight.outputs.should_run_analyze == 'true') && (needs.preflight.outputs.working_language != '')}}
	needs:
	- preflight
	runs-on: codeql-runner
	timeout-minutes: 30
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
	- name: Set Working Language
	run: echo "WORKING_LANGUAGE=${{needs.preflight.outputs.working_language}}" >> "$GITHUB_ENV"
	# Set up a JDK environment for building, testing and releasing.
	- name: Set up JDK 17
	uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
	if: ${{ env.WORKING_LANGUAGE == 'java' }}
	with:
	java-version: 17
	distribution: temurin

	# Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
	if: ${{ env.WORKING_LANGUAGE == 'java' }}
	with:
	gradle-version: wrapper
	cache-read-only: true

	# Set up a Node environment for JS/TS/Node client generation.
	- name: Set up Node 20
	uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
	if: ${{ env.WORKING_LANGUAGE == 'javascript' }}
	with:
	node-version: 20

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3
	with:
	languages: ${{ github.event.repository.language }}
	ram: 4096
	queries: security-and-quality
	tools: latest
	config-file: ${{ env.CONFIG_FILE }}

	- name: Gradle Build
	run: ${{ env.GRADLE_SCRIPT_PATH }} classes testClasses --stacktrace -Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.parallel=true
	if: ${{ env.WORKING_LANGUAGE == 'java' }}
	env:
	GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
	GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
	JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3
	with:
	ram: 4096

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump com.google.guava:guava from 31.1-jre to 32.0.0-jre #5

Workflow file

chore(deps): bump com.google.guava:guava from 31.1-jre to 32.0.0-jre #5

Jobs

Run details

Workflow file for this run