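# Based on default config generated by GitHub, see also https://github.com/github/codeql-action
#
# Runs CodeQL static analysis for the Java sources on every push and pull request
# targeting master, plus a weekly scheduled run so newly published queries are
# applied even when the code has not changed.

name: "CodeQL"

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  schedule:
    # Run every Monday at 16:10 (UTC, as for all GitHub Actions cron schedules)
    - cron: '10 16 * * 1'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # A job-level `permissions` block sets every scope not listed here to `none`,
    # so the scopes the job actually needs are spelled out explicitly (the same
    # set the CodeQL default template grants). `security-events: write` is what
    # lets the analyze step upload SARIF results to the repository's security tab.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'java' ]

    steps:
    # Third-party actions are referenced by major-version tag; pinning to a full
    # commit SHA (e.g. actions/checkout@<commit-sha>) is the stricter option if
    # the mutable tag is considered a supply-chain risk.
    - name: Checkout repository
      uses: actions/checkout@v3

    # Initializes the CodeQL tools for scanning
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
        # Run all security queries and maintainability and reliability queries
        queries: +security-and-quality

    # Cache is keyed on the hash of all pom.xml files so a dependency change
    # invalidates it; `restore-keys` allows a partial fallback to an older cache.
    - name: Cache local Maven repository
      uses: actions/cache@v3
      with:
        path: ~/.m2/repository
        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
        restore-keys: |
          ${{ runner.os }}-maven-

    # Only compile main sources, but ignore test sources because findings for them might not
    # be that relevant (though GitHub security view also allows filtering by source type)
    # Can replace this with github/codeql-action/autobuild action to run complete build
    - name: Compile sources
      run: |
        mvn compile --batch-mode --no-transfer-progress

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2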