# For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. name: "CodeQL JS Adapter" on: push: branches-ignore: - 'main' - 'dependabot/**' pull_request: branches: [main] paths: - 'adapters/oidc/js/**' - '.github/workflows/codeql-js-adapter-analysis.yml' schedule: - cron: '0 9 * * 2' concurrency: # Only run once for latest commit per ref and cancel other (previous) runs. group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: analyze: name: CodeQL analyze runs-on: ubuntu-latest if: github.repository == 'keycloak/keycloak' steps: - uses: actions/checkout@v3 - uses: actions/setup-java@v3 with: distribution: 'temurin' java-version: '11' cache: 'maven' - name: Update maven settings run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/ - name: Initialize CodeQL uses: github/codeql-action/init@v2.1.21 env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}' with: languages: javascript source-root: adapters/oidc/js/ - name: Build Keycloak run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2.1.21 with: wait-for-processing: true env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'