diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7ac6c2e1b..7b464e7a5 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -7,59 +7,59 @@ on: branches: [ "master" ] jobs: - analyze: + analyze-java: name: Analyze Java - runs-on: ubuntu-latest + runs-on: 'ubuntu-latest' permissions: - # required for all workflows security-events: write - - # required to fetch internal or private CodeQL packsCodeQ packages: read - - # only required for workflows in private repositories actions: read contents: read + strategy: fail-fast: false matrix: include: - - language: java-kotlin + - language: java build-mode: autobuild + steps: - name: Checkout repository uses: actions/checkout@v4 + with: + fetch-depth: '0' - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + languages: java + queries: security-extended,security-and-quality + + - name: Configure JDK + uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 # v1.4.3 + with: + java-version: 17 + + - name: Setup Google Services Configuration + run: | + echo "Setting up Google Services configuration for CI..." + # Ensure the google-services.json file exists for the build + if [ ! -f "integration-tests/google-services.json" ]; then + echo "Creating google-services.json from template..." 
+ cp integration-tests/google-services.json.template integration-tests/google-services.json + fi + echo "Google Services configuration ready" - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - queries: ${{ matrix.language == 'java-kotlin' && 'security-extended, security-and-quality' }} + - run: touch local.properties - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash + - name: CodeQL Manual Build (Disable Daemon & Trace) run: | - echo 'If you are using a "manual" build mode for one or more of the' \ - 'languages you are analyzing, replace this with the commands to build' \ - 'your code, for example:' - echo ' make bootstrap' - echo ' make release' - exit 1 + CODEQL_BIN="/opt/hostedtoolcache/CodeQL/2.23.6/x64/codeql/codeql" + DB_PATH="/home/runner/work/_temp/codeql_databases/java" + ./gradlew assembleRelease --no-daemon -x test -x lint - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: - category: "/language:${{matrix.language}}" + category: "/language:${{matrix.language}}" \ No newline at end of file
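Review bot: `CODEQL_BIN` and `DB_PATH` in the "CodeQL Manual Build (Disable Daemon & Trace)" step are assigned but never used, and they hard-code a toolcache path for CodeQL `2.23.6` that may stop matching the bundle `init@v4` installs once the runner image updates; drop both lines so the step body is just `./gradlew assembleRelease --no-daemon -x test -x lint`. The matrix still declares `build-mode: autobuild` while the hunk removes `build-mode: ${{ matrix.build-mode }}` from the init inputs, so that value is no longer consumed and the manual Gradle step is what actually produces the traced database — either delete the matrix key or pass it through again so the two stay in agreement. `actions/setup-java` is pinned by full SHA, which is the right practice for supply-chain hygiene, but the tag comment says v1.4.3, a 2020-era major; confirm the comment matches the SHA and that this version still resolves JDK 17 and runs on current runners, since v2+ also expects an explicit `distribution:` input. Minor: `java-version: 17` is an unquoted integer — `java-version: '17'` matches the quoting already used for `fetch-depth: '0'` and avoids YAML retyping on values like `11.0`.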