keycloak-scim/.github/workflows/codeql-theme-analysis.yml

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL Themes"

on:
  push:
    branches-ignore:
      - 'main'
      - 'dependabot/**'
  pull_request:
    branches: [main]
    paths: 
      - 'themes/src/**'
      - '.github/workflows/codeql-theme-analysis.yml'
  schedule:
    - cron: '0 9 * * 2'
    
jobs:
  analyze:
    name: CodeQL analyze
    runs-on: ubuntu-latest
    if: github.repository == 'keycloak/keycloak'

    steps:
    - uses: actions/checkout@v3
    - uses: actions/setup-java@v3
      with:
        distribution: 'temurin'
        java-version: '11'
        cache: 'maven'

    - name: Update maven settings
      run: mkdir -p ~/.m2 ; cp .github/settings.xml ~/.m2/

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2.1.16
      env: 
        CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
      with:
        languages: javascript
        source-root: themes/

    - name: Build Keycloak
      run: mvn -B install -DskipTests -DskipQuarkus -DskipTestsuite -DskipExamples -DskipTests

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2.1.16
      with:
        wait-for-processing: true
      env: 
        CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'