merged CodeQL workflow into main workflow.

This is a workaround which ensures that the test reports end up in the correct workflow.
apache · Dec 28, 2021 · 650ab1b · 650ab1b
1 parent 683ca63
commit 650ab1b
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 52 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -20,6 +20,9 @@ name: Apache Roller
 # junit report action
 # https://github.com/marketplace/actions/junit-report-action
 
+# CodeQL action
+# https://github.com/github/codeql-action#usage
+
 on:
   push:
     branches: [master]
@@ -68,3 +71,39 @@ jobs:
         with:
           check_name: IT Reports for Linux/JDK ${{ matrix.java }} 
           report_paths: 'it-selenium/target/failsafe-reports/TEST-*.xml'
+
+jobs:
+  analyze:
+    name: Analyze with CodeQL
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java', 'javascript']
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+      - name: Set up JDK 17
+        uses: actions/setup-java@v2
+        with:
+          java-version: 17
+          distribution: 'zulu'
+
+      - name: Checkout Project
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/codeql-config.yml
+
+      - name: Build Roller
+        run: mvn -DskipTests=true -V -ntp install
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1