spotbugs-gradle-plugin/.github/workflows/codeql.yaml at f2d1b3558917de250711e7d8aec45e963ef83f60 · spotbugs/spotbugs-gradle-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# refs https://github.com/github/codeql-action
name: "Code Scanning - Action"

on:
  push:
    branches:
      - master
  pull_request: {}

permissions:
  actions: read
  contents: read
  security-events: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.sha }}
  cancel-in-progress: true

jobs:
  CodeQL-Build:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    if: github.repository == 'spotbugs/spotbugs-gradle-plugin'

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      # If this run was triggered by a pull request event then checkout
      # the head of the pull request instead of the merge commit.
      # Only include this step if you are running this workflow on pull requests.
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}
      - name: Set up JDK
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: 'temurin'
          java-version-file: .java-version
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6
      - name: Scan the project
        run: ./gradlew detekt --scan
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: build/reports/detekt/detekt.sarif