a1c0e5b113
Workflows will only run when their own workflow file changes, not on other workflow files. Dependabot branches are ignored for "push" builds, will only run on "pull" builds as code scanning on dependabot is not available for "push" builds. Closes #12911
51 lines
1.3 KiB
YAML
51 lines
1.3 KiB
YAML
# For most projects, this workflow file will not need changing; you simply need
|
|
# to commit it to your repository.
|
|
#
|
|
# You may wish to alter this file to override the set of languages analyzed,
|
|
# or to provide custom queries or build logic.
|
|
name: "CodeQL Java"
|
|
|
|
on:
|
|
push:
|
|
branches-ignore:
|
|
- 'main'
|
|
- 'dependabot/**'
|
|
pull_request:
|
|
branches: [main]
|
|
paths:
|
|
- '**.java'
|
|
- '.github/workflows/codeql-java-analysis.yml'
|
|
schedule:
|
|
- cron: '0 9 * * 2'
|
|
|
|
jobs:
|
|
analyze:
|
|
name: CodeQL analyze
|
|
runs-on: ubuntu-latest
|
|
if: github.repository == 'keycloak/keycloak'
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: actions/setup-java@v3
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: '11'
|
|
cache: 'maven'
|
|
|
|
- name: Update maven settings
|
|
run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/
|
|
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v2.1.15
|
|
with:
|
|
languages: java
|
|
|
|
- name: Build Keycloak
|
|
run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v2.1.15
|
|
with:
|
|
wait-for-processing: true
|
|
env:
|
|
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
|