build(deps): Bump gradle/gradle-build-action from 9bca466e2722baf9e77b4f929bbe0af18848791f to 87a9a15658c426a54dd469d4fc7dc1a73ca9d4a6 #1308
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'CodeQL' | |
on: | |
push: | |
branches-ignore: | |
- 'dependabot/**' | |
paths: | |
- '**.java' | |
- '.github/**/*codeql*' | |
pull_request: | |
paths: | |
- '**.java' | |
- '.github/**/*codeql*' | |
env: | |
LC_ALL: en_US.UTF-8 | |
GRADLE_OPTS: >- | |
-Dorg.gradle.parallel=true | |
MAVEN_OPTS: >- | |
-Dhttp.keepAlive=false | |
-Dmaven.wagon.http.pool=false | |
-Dmaven.wagon.http.retryHandler.count=3 | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
contents: read | |
jobs: | |
analyze: | |
permissions: | |
security-events: write # for github/codeql-action/analyze to upload SARIF results | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- 'ubuntu-latest' | |
java: | |
- '17' | |
name: CodeQL JDK${{ matrix.java }} ${{ matrix.os }} | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | |
with: | |
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
- name: Checkout repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- name: Set up Java ${{ matrix.java }} | |
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 | |
with: | |
distribution: 'temurin' | |
java-version: ${{ matrix.java }} | |
- name: Set up Gradle | |
uses: gradle/gradle-build-action@87a9a15658c426a54dd469d4fc7dc1a73ca9d4a6 | |
- name: Initialize CodeQL Analysis | |
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a | |
with: | |
languages: 'java' | |
- name: Build for CodeQL Analysis | |
id: build | |
run: | | |
./.github/scripts/codeql-build.sh | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a |