feat: Add support for custom code templates (fix #987) #340
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax | |
| name: CodeQL | |
| on: # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows | |
| schedule: | |
| # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule | |
| - cron: "30 18 * * 1" # Mondays 18:30 UTC | |
| push: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.png' | |
| - '**/.project' | |
| - '**/.settings/*.prefs' | |
| - '.gitignore' | |
| - '.actrc' | |
| - 'Jenkinsfile' | |
| pull_request: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.png' | |
| - '**/.project' | |
| - '**/.settings/*.prefs' | |
| - '.gitignore' | |
| - '.actrc' | |
| - 'Jenkinsfile' | |
| workflow_dispatch: | |
| # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| JAVA_VERSION: 21 | |
| jobs: | |
| ########################################################### | |
| analyze: | |
| ########################################################### | |
| concurrency: | |
| group: codeql-${{ github.workflow }}-${{ github.ref }}-${{ matrix.language }} | |
| cancel-in-progress: true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # build-mode: https://github.com/github/codeql-action#build-modes | |
| - language: actions | |
| build-mode: none | |
| - language: java | |
| build-mode: manual | |
| - language: javascript | |
| build-mode: none | |
| - language: python | |
| build-mode: none | |
| name: Analyze (${{ matrix.language }}) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for all workflows | |
| security-events: write | |
| # required to fetch internal or private CodeQL packs | |
| packages: read | |
| # only required for workflows in private repositories | |
| actions: read | |
| contents: read | |
| timeout-minutes: 15 | |
| steps: | |
| - name: "Show: GitHub context" | |
| env: | |
| GITHUB_CONTEXT: ${{ toJSON(github) }} | |
| run: echo $GITHUB_CONTEXT | |
| - name: "Show: environment variables" | |
| run: env | sort | |
| - name: Git Checkout | |
| uses: actions/checkout@v6 # https://github.com/actions/checkout | |
| - name: "Install: JDK 21 for Compilation ☕" | |
| uses: actions/setup-java@v5 # https://github.com/actions/setup-java | |
| if: matrix.language == 'java' | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - name: "Install: JDK 25 for Maven/Tycho ☕" | |
| uses: actions/setup-java@v5 # https://github.com/actions/setup-java | |
| if: matrix.language == 'java' | |
| with: | |
| distribution: temurin | |
| java-version: 25 | |
| - name: "Cache: Local Maven Repository" | |
| uses: actions/cache/restore@v4 | |
| if: matrix.language == 'java' | |
| with: | |
| # Excluded sub directory not working https://github.com/actions/toolkit/issues/713 | |
| path: | | |
| ~/.m2/repository/* | |
| !~/.m2/repository/.cache/tycho | |
| !~/.m2/repository/.meta/p2-artifacts.properties | |
| !~/.m2/repository/p2 | |
| !~/.m2/repository/*SNAPSHOT* | |
| key: ${{ runner.os }}-${{ runner.arch }}-repo-mvn-${{ hashFiles('**/pom.xml') }} | |
| - name: "Cache: Local Tycho Repository" | |
| uses: actions/cache/restore@v4 | |
| if: matrix.language == 'java' | |
| with: | |
| path: | | |
| ~/.m2/repository/.cache/tycho | |
| ~/.m2/repository/.meta/p2-artifacts.properties | |
| ~/.m2/repository/p2 | |
| key: ${{ runner.os }}-${{ runner.arch }}-repo-tycho-${{ hashFiles('target-platforms/oldest.target') }} | |
| # https://docs.github.com/en/code-security/code-scanning | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 # https://github.com/github/codeql-action | |
| with: | |
| languages: ${{ matrix.language }} | |
| # https://github.com/github/codeql-action#build-modes | |
| build-mode: ${{ matrix.build-mode }} | |
| # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-queries-in-ql-packs | |
| config-file: ./.github/codeql/codeql-config.yml | |
| - name: "Build with Maven 🔨" | |
| if: matrix.language == 'java' | |
| run: | | |
| set -euo pipefail | |
| MAVEN_OPTS="${MAVEN_OPTS:-}" | |
| MAVEN_OPTS+=" -Djava.security.egd=file:/dev/./urandom" # https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for/59097932#59097932 | |
| MAVEN_OPTS+=" -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" # https://stackoverflow.com/questions/5120470/how-to-time-the-different-stages-of-maven-execution/49494561#49494561 | |
| export MAVEN_OPTS | |
| echo "MAVEN_OPTS: $MAVEN_OPTS" | |
| ./mvnw \ | |
| --no-transfer-progress \ | |
| --batch-mode \ | |
| -Dmaven.test.skip=true \ | |
| clean verify | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 # https://github.com/github/codeql-action | |
| with: | |
| category: "/language:${{matrix.language}}" |