DRAFT: Declarative config 0.4 #45

Summary
Jobs
- analyze
Run details
- Usage
- Workflow file

Workflow file for this run

	name: CodeQL

	on:
	pull_request:
	branches:
	- main
	- release/*
	- benchmarks
	push:
	branches:
	- main
	- release/*
	- benchmarks
	schedule:
	- cron: "29 13 * * 2" # weekly at 13:29 UTC on Tuesday

	permissions:
	contents: read

	jobs:
	analyze:
	permissions:
	contents: read
	actions: read # for github/codeql-action/init to get workflow details
	security-events: write # for github/codeql-action/analyze to upload SARIF results
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Java 17
	uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
	with:
	distribution: temurin
	java-version: 17

	- name: Set up gradle
	uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0

	- name: Initialize CodeQL
	uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
	with:
	languages: java, actions
	# using "latest" helps to keep up with the latest Kotlin support
	# see https://github.com/github/codeql-action/issues/1555#issuecomment-1452228433
	tools: latest

	- name: Assemble
	# --no-build-cache is required for codeql to analyze all modules
	# --no-daemon is required for codeql to observe the compilation
	# (see https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#specifying-build-commands)
	run: ./gradlew assemble --no-build-cache --no-daemon

	- name: Perform CodeQL analysis
	uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DRAFT: Declarative config 0.4 #45

Workflow file

DRAFT: Declarative config 0.4 #45

Jobs

Run details

Workflow file for this run