.github/workflows/codeql-analysis.yml

   1 # SPDX-FileCopyrightText: The Storage-Units Authors
   2 # SPDX-License-Identifier: 0BSD
   3
   4 name: CodeQL
   5 on:
   6   push:
   7     branches: [ main ]
   8   pull_request:
   9     branches: [ main ]
  10   schedule:
  11     - cron: 42 3 * * 5
  12 jobs:
  13   analyze:
  14     name: Analyze
  15     runs-on: ubuntu-latest
  16     permissions:
  17       actions: read
  18       contents: read
  19       security-events: write
  20     strategy:
  21       fail-fast: false
  22       matrix:
  23         language: [ java ]
  24     steps:
  25     - name: Checkout repository
  26       uses: actions/checkout@v3
  27     - name: Set up Java
  28       uses: actions/setup-java@v3
  29       with:
  30         java-version: 17
  31         java-package: jdk
  32         architecture: x64
  33         distribution: temurin
  34     - name: Cache Maven Artifacts
  35       uses: actions/cache@v3
  36       with:
  37         path: ~/.m2/repository
  38         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
  39         restore-keys: |
  40           ${{ runner.os }}-maven-
  41     - name: Initialize CodeQL
  42       uses: github/codeql-action/init@v2
  43       with:
  44         languages: ${{ matrix.language }}
  45     - name: Autobuild
  46       uses: github/codeql-action/autobuild@v2
  47     - name: Perform CodeQL Analysis
  48       uses: github/codeql-action/analyze@v2