1- # For most projects, this workflow file will not need changing; you simply need
2- # to commit it to your repository.
3- #
4- # You may wish to alter this file to override the set of languages analyzed,
5- # or to provide custom queries or build logic.
6- #
7- # ******** NOTE ********
8- # We have attempted to detect the languages in your repository. Please check
9- # the `language` matrix defined below to confirm you have the correct set of
10- # supported CodeQL languages.
11- #
12- name : " CodeQL"
1+ name : " Code Scanning - Action"
132
143on :
154 push :
165 branches : [ master ]
176 pull_request :
18- # The branches below must be a subset of the branches above
197 branches : [ master ]
208 schedule :
21- - cron : ' 30 15 * * 2'
9+ # ┌───────────── minute (0 - 59)
10+ # │ ┌───────────── hour (0 - 23)
11+ # │ │ ┌───────────── day of the month (1 - 31)
12+ # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
13+ # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
14+ # │ │ │ │ │
15+ # │ │ │ │ │
16+ # │ │ │ │ │
17+ # * * * * *
18+ - cron : ' 30 1 * * 0'
2219
2320jobs :
24- analyze :
25- name : Analyze
21+ CodeQL-Build :
22+ # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
2623 runs-on : ubuntu-latest
24+
2725 permissions :
28- actions : read
29- contents : read
26+ # required for all workflows
3027 security-events : write
3128
32- strategy :
33- fail-fast : false
34- matrix :
35- language : [ 'java' ]
36- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
37- # Learn more:
38- # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
29+ # only required for workflows in private repositories
30+ actions : read
31+ contents : read
3932
4033 steps :
4134 - name : Checkout repository
42- uses : actions/checkout@v2
35+ uses : actions/checkout@v3
4336
4437 # Initializes the CodeQL tools for scanning.
4538 - name : Initialize CodeQL
46- uses : github/codeql-action/init@v1
39+ uses : github/codeql-action/init@v2
40+ # Override language selection by uncommenting this and choosing your languages
4741 with :
48- languages : ${{ matrix.language }}
49- # If you wish to specify custom queries, you can do so here or in a config file.
50- # By default, queries listed here will override any specified in a config file.
51- # Prefix the list here with "+" to use these queries and those in the config file.
52- # queries: ./path/to/local/query, your-org/your-repo/queries@main
42+ languages : java
5343
54- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
55- # If this step fails, then you should remove it and run the build manually (see below)
44+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go , or Java).
45+ # If this step fails, then you should remove it and run the build manually (see below).
5646 - name : Autobuild
57- uses : github/codeql-action/autobuild@v1
47+ uses : github/codeql-action/autobuild@v2
5848
5949 # ℹ️ Command-line programs to run using the OS shell.
60- # 📚 https://git.io/JvXDl
50+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
6151
62- # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
63- # and modify them (or add more) to build your code if your project
64- # uses a compiled language
52+ # ✏️ If the Autobuild fails above, remove it and uncomment the following
53+ # three lines and modify them (or add more) to build your code if your
54+ # project uses a compiled language
6555
6656 # - run: |
67- # make bootstrap
68- # make release
57+ # make bootstrap
58+ # make release
6959
7060 - name : Perform CodeQL Analysis
71- uses : github/codeql-action/analyze@v1
61+ uses : github/codeql-action/analyze@v2
0 commit comments