Skip to content

[SEC-3979] codeql workflow fix #966

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[SEC-3979] codeql workflow fix #966

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c4550ea
[SEC-3979] codeql workflow fix
randall-wyatt Nov 25, 2025
ff8b8bf
Working on the flow
randall-wyatt Nov 25, 2025
d6b5dca
moved the install of jdk up
randall-wyatt Nov 25, 2025
1d7b3cc
working on the build
randall-wyatt Nov 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 25 additions & 15 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,14 @@ on:
branches: [ "master" ]

jobs:
analyze:
analyze-java:
name: Analyze Java
runs-on: ubuntu-latest
runs-on: 'ubuntu-latest'
permissions:
# required for all workflows
security-events: write

# required to fetch internal or private CodeQL packsCodeQ
# required to fetch internal or private CodeQL packs
packages: read

# only required for workflows in private repositories
Expand All @@ -25,23 +25,38 @@ jobs:
fail-fast: false
matrix:
include:
- language: java-kotlin
build-mode: autobuild
- language: java
build-mode: manual

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: '0'



- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
languages: java
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
queries: ${{ matrix.language == 'java-kotlin' && 'security-extended, security-and-quality' }}
queries: security-extended,security-and-quality

- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '11' # Specify the JDK version your project needs
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn clean test --file pom.xml
working-directory: ${{github.workspace}}


# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
Expand All @@ -52,12 +67,7 @@ jobs:
- if: matrix.build-mode == 'manual'
shell: bash
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
mvn -B clean install -DskipTests

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
Expand Down
Loading