Skip to content

CodeQL

CodeQL #237

name: "CodeQL"
on:
push:
branches: [develop, main]
pull_request:
branches: [develop]
schedule:
- cron: '0 8 * * 0'
jobs:
analyse:
name: Analyse
runs-on: macos-latest
# dependeabot has on push events only read-only access, but codeql requires write access
if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
cache: 'maven'
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java
- name: Build
run: mvn -B compile
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3