name: CodeQL on: push: branches-ignore: - main - dependabot/** pull_request: branches: [main] schedule: - cron: 0 9 * * 2 concurrency: # Only cancel jobs for PR updates group: codeql-analysis-${{ github.head_ref || github.run_id }} cancel-in-progress: true defaults: run: shell: bash jobs: changes: name: Check changes if: github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' runs-on: ubuntu-latest outputs: java: ${{ steps.changes.outputs.java }} themes: ${{ steps.changes.outputs.themes }} js-adapter: ${{ steps.changes.outputs.js-adapter }} steps: - uses: actions/checkout@v3 - id: changes uses: ./.github/actions/changed-files java: name: CodeQL Java needs: changes runs-on: ubuntu-latest if: needs.changes.outputs.java == 'true' outputs: conclusion: ${{ steps.check.outputs.conclusion }} steps: - uses: actions/checkout@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v2.1.37 with: languages: java - name: Build Keycloak uses: ./.github/actions/build-keycloak - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2.1.37 with: wait-for-processing: true env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}' - id: check uses: ./.github/actions/checks-success js-adapter: name: CodeQL JavaScript Adapter needs: changes runs-on: ubuntu-latest if: needs.changes.outputs.js-adapter == 'true' outputs: conclusion: ${{ steps.check.outputs.conclusion }} steps: - uses: actions/checkout@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v2.1.37 env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}' with: languages: javascript source-root: adapters/oidc/js/src/ - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2.1.37 with: wait-for-processing: true env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}' - id: check uses: ./.github/actions/checks-success themes: name: CodeQL Themes needs: changes runs-on: ubuntu-latest if: needs.changes.outputs.themes == 'true' outputs: conclusion: ${{ steps.check.outputs.conclusion }} steps: - uses: actions/checkout@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v2.1.37 env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}' with: languages: javascript source-root: themes/src/main/ - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2.1.37 with: wait-for-processing: true env: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}' - id: check uses: ./.github/actions/checks-success check: name: Status Check - CodeQL if: always() && ( github.event_name != 'schedule' || github.repository == 'keycloak/keycloak' ) needs: [changes, java, js-adapter, themes] runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: CodeQL Java uses: ./.github/actions/checks-job-pass with: required: ${{ needs.changes.outputs.java }} conclusion: ${{ needs.java.outputs.conclusion }} - name: CodeQL JavaScript Adapter uses: ./.github/actions/checks-job-pass with: required: ${{ needs.changes.outputs.js-adapter }} conclusion: ${{ needs.js-adapter.outputs.conclusion }} - name: CodeQL Themes uses: ./.github/actions/checks-job-pass with: required: ${{ needs.changes.outputs.themes }} conclusion: ${{ needs.themes.outputs.conclusion }}