From f03b6e5042dc6f196fca369ee342e69301f3a463 Mon Sep 17 00:00:00 2001
From: Trask Stalnaker
Date: Fri, 6 Jun 2025 21:02:33 -0700
Subject: [PATCH 1/3] Faster CodeQL
---
.github/workflows/codeql.yml | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index bd12e8f8a..270fc3f50 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -6,6 +6,9 @@ on: - main - release/* pull_request: + branches: + - main + - release/* # TODO (trask) adding this to the merge queue causes the merge queue to fail # see related issues # - https://github.com/github/codeql-action/issues/1572
@@ -20,10 +23,17 @@ permissions: jobs: analyze: + name: Analyze (${{ matrix.language }}) permissions: contents: read actions: read # for github/codeql-action/init to get workflow details security-events: write # for github/codeql-action/analyze to upload SARIF results + strategy: + fail-fast: false + matrix: + include: + - language: actions + - language: javascript-typescript runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -40,7 +50,7 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 with: - languages: java, actions + languages: ${{ matrix.language }} # using "latest" helps to keep up with the latest Kotlin support # see https://github.com/github/codeql-action/issues/1555#issuecomment-1452228433 tools: latest
@@ -53,3 +63,5 @@ jobs: - name: Perform CodeQL analysis uses: github/codeql-action/analyze@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 + with: + category: "/language:${{matrix.language}}"
From 7af68fab2fa7296b2a9995b083bb7bd23196c277 Mon Sep 17 00:00:00 2001
From: Trask Stalnaker
Date: Fri, 6 Jun 2025 21:11:47 -0700
Subject: [PATCH 2/3] oops, java
---
.github/workflows/codeql.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
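Review bot: The `branches:` filter added under `pull_request:` in the first hunk narrows coverage, not just runtime: pull requests whose base branch is anything other than `main` or `release/*` no longer get a CodeQL run at all, and a branch-protection rule on such a branch that requires this check would then wait on a check that never reports. If that trade-off is intended, a comment next to the new filter such as `# PRs targeting other branches are not scanned until they reach main/release/*` would make it explicit for the next person who wonders why a PR has no CodeQL result. The enclosing `on:` block starts before this hunk.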
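Review bot: The `name: Analyze (${{ matrix.language }})` line in the second hunk changes the reported check name from the single bare job to one check per matrix leg, so any required-status-check or merge-queue rule that names the old check will need to list the new per-language names; otherwise the old required check never reports and merges stall, or, if the rule is simply dropped, the scan stops being enforced. That wiring is not visible in the diff, but the existing TODO about merge-queue failures in the first hunk suggests the check is referenced by rules somewhere, so it is worth verifying when this lands. A short comment above `strategy:` noting that each language now reports its own check would help whoever maintains those rules.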
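Review bot: The new `category:` value in the last hunk is written as `${{matrix.language}}` while every other expression in this patch uses the spaced form; `category: "/language:${{ matrix.language }}"` keeps the style consistent. The explicit category is also what lets the per-language SARIF uploads for one commit coexist rather than replace each other, which deserves a comment such as `# distinct category per matrix leg so the uploads don't overwrite each other`. Earlier runs uploaded without a category, so alerts attached to that older unnamed analysis may presumably linger until it is removed; confirm in the code scanning view after the first run.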
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 270fc3f50..fe29ef1c3 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -33,7 +33,7 @@ jobs: matrix: include: - language: actions - - language: javascript-typescript + - language: java runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
From 8b2b158952ad936c477f1293b74a48c9df00b26a Mon Sep 17 00:00:00 2001
From: Trask Stalnaker
Date: Fri, 6 Jun 2025 21:12:19 -0700
Subject: [PATCH 3/3] optimize
---
.github/workflows/codeql.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index fe29ef1c3..5158ca483 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -39,12 +39,14 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Java 17 + if: matrix.language == 'java' uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: temurin java-version: 17 - name: Set up gradle + if: matrix.language == 'java' uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 - name: Initialize CodeQL
@@ -56,6 +58,7 @@ jobs: tools: latest - name: Assemble + if: matrix.language == 'java' # --no-build-cache is required for codeql to analyze all modules # --no-daemon is required for codeql to observe the compilation # (see https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#specifying-build-commands)