From c4550ea03d61c7236c2158a0003b162f1e2e317f Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 25 Nov 2025 15:16:14 -0500 Subject: [PATCH 01/23] [SEC-3979] codeql workflow fix --- .github/workflows/codeql.yml | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7ac6c2e1b..fda59269f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -7,14 +7,14 @@ on: branches: [ "master" ] jobs: - analyze: + analyze-java: name: Analyze Java - runs-on: ubuntu-latest + runs-on: 'ubuntu-latest' permissions: # required for all workflows security-events: write - # required to fetch internal or private CodeQL packsCodeQ + # required to fetch internal or private CodeQL packs packages: read # only required for workflows in private repositories 
@@ -26,22 +26,32 @@ jobs: matrix: include: - language: java-kotlin - build-mode: autobuild + build-mode: manual + steps: - name: Checkout repository uses: actions/checkout@v4 + with: + fetch-depth: '0' + - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} + languages: java # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - queries: ${{ matrix.language == 'java-kotlin' && 'security-extended, security-and-quality' }} + queries: security-extended,security-and-quality + + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '11' # Specify the JDK version your project needs + distribution: 'temurin' + cache: maven # If the analyze step fails for one of the languages you are analyzing with # "We were unable to automatically build your code", modify the matrix above @@ -52,12 +62,7 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - echo 'If you are using a "manual" build mode for one or more of the' \ - 'languages you are analyzing, replace this with the commands to build' \ - 'your code, for example:' - echo ' make bootstrap' - echo ' make release' - exit 1 + mvn -B clean install -DskipTests - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From ff8b8bfd3e95e7b4b111387c1a2be9fdba198d0e Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 25 Nov 2025 15:19:38 -0500 Subject: [PATCH 02/23] Working on the flow --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
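Review bot: In the `Initialize CodeQL` step the `build-mode: ${{ matrix.build-mode }}` input is removed and `languages` is hard-coded to `java`, so the matrix entry (`java-kotlin`, `manual`) no longer controls what CodeQL does. It now only feeds the later `if: matrix.build-mode == 'manual'` gate and, presumably, the analyze `category` outside this hunk. A scan configured in two places can end up building nothing while still reporting success, so keep one source of truth: `languages: ${{ matrix.language }}` and `build-mode: ${{ matrix.build-mode }}`. The added `actions/setup-java@v4`, like the `@v4`/`@v3` references around it, is a mutable tag in a job that holds `security-events: write` (first hunk of this patch). Pinning each `uses:` to a full commit SHA with the version as a trailing comment would close that gap.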
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fda59269f..e6479ae95 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,7 @@ jobs: fail-fast: false matrix: include: - - language: java-kotlin + - language: java build-mode: manual steps: @@ -36,7 +36,7 @@ jobs: - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: java # If you wish to specify custom queries, you can do so here or in a config file. From d6b5dca191f32b8da8ce3be9438cdfcbf8a45345 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 25 Nov 2025 15:20:34 -0500 Subject: [PATCH 03/23] moved the install of jdk up --- .github/workflows/codeql.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e6479ae95..1fe07f787 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,6 +34,12 @@ jobs: with: fetch-depth: '0' + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '11' # Specify the JDK version your project needs + distribution: 'temurin' + cache: maven - name: Initialize CodeQL uses: github/codeql-action/init@v4 @@ -46,12 +52,6 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs queries: security-extended,security-and-quality - - name: Set up JDK - uses: actions/setup-java@v4 - with: - java-version: '11' # Specify the JDK version your project needs - distribution: 'temurin' - cache: maven # If the analyze step fails for one of the languages you are analyzing with # "We were unable to automatically build your code", modify the matrix above From 1d7b3ccebef1ea3706329d01cf9da41774d896f1 Mon Sep 17 00:00:00 2001 
From: Randall Wyatt Date: Tue, 25 Nov 2025 15:22:49 -0500 Subject: [PATCH 04/23] working on the build --- .github/workflows/codeql.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1fe07f787..61cfa0765 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,12 +34,7 @@ jobs: with: fetch-depth: '0' - - name: Set up JDK - uses: actions/setup-java@v4 - with: - java-version: '11' # Specify the JDK version your project needs - distribution: 'temurin' - cache: maven + - name: Initialize CodeQL uses: github/codeql-action/init@v4 @@ -52,6 +47,16 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs queries: security-extended,security-and-quality + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '11' # Specify the JDK version your project needs + distribution: 'temurin' + cache: maven + - name: Build with Maven + run: mvn clean test --file pom.xml + working-directory: ${{github.workspace}} + # If the analyze step fails for one of the languages you are analyzing with # "We were unable to automatically build your code", modify the matrix above From fd4c89cbe9bac2b39a51124f35a438cbad470f24 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 1 Dec 2025 09:50:20 -0500 Subject: [PATCH 05/23] working on the build again --- .github/workflows/codeql.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 61cfa0765..5ba7bb23d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -50,12 +50,9 @@ jobs: - name: Set up JDK uses: actions/setup-java@v4 with: - java-version: '11' # Specify the JDK version your project needs + java-version: '11' distribution: 'temurin' cache: maven - - name: Build with Maven - run: mvn clean test --file pom.xml - working-directory: ${{github.workspace}} # If the analyze step fails for one of the languages you are analyzing with From 0db074dc86bac8a3e81788061b835f42b749af88 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 1 Dec 2025 09:52:26 -0500 Subject: [PATCH 06/23] more build issues --- .github/workflows/codeql.yml | 30 ++++-------------------------- 1 file changed, 4 insertions(+), 26 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5ba7bb23d..34fd8dead 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,13 +11,8 @@ jobs: name: Analyze Java runs-on: 'ubuntu-latest' permissions: - # required for all workflows security-events: write - - # required to fetch internal or private CodeQL packs packages: read - - # only required for workflows in private repositories actions: read contents: read 
@@ -26,47 +21,30 @@ jobs: matrix: include: - language: java - build-mode: manual steps: - name: Checkout repository uses: actions/checkout@v4 with: + # Fetch all history to ensure accurate CodeQL analysis fetch-depth: '0' - - - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: languages: java - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs queries: security-extended,security-and-quality - - name: Set up JDK + - name: Set up JDK (with fixed cache path) 💡 uses: actions/setup-java@v4 with: java-version: '11' distribution: 'temurin' cache: maven + cache-dependency-path: '**/pom.xml' - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash - run: | - mvn -B clean install -DskipTests - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: - category: "/language:${{matrix.language}}" + category: "/language:${{matrix.language}}" \ No newline at end of file From f5f568cea77b25e9cabf2b4993294129fa06b25b Mon Sep 17 00:00:00 2001 
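Review bot: After this hunk nothing compiles the project between `Initialize CodeQL` and `Perform CodeQL Analysis`: the `mvn -B clean install -DskipTests` step and the matrix `build-mode` are both removed, and `init` receives no `build-mode` input. For a compiled language that most likely yields an empty database or a failed analyze step, depending on the action's default. Either keep an explicit build step between the two, or set the mode deliberately on `init`, for example `build-mode: none`. Patch 12 leaves the same gap when it drops the Gradle build step. The hunk also leaves `init@v4` next to `analyze@v3`; the two halves of `github/codeql-action` should move to a new major together.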
From: Randall Wyatt Date: Mon, 1 Dec 2025 09:54:00 -0500 Subject: [PATCH 07/23] working on trying to find the pom file --- .github/workflows/codeql.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 34fd8dead..60ac0c175 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,9 +26,14 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - # Fetch all history to ensure accurate CodeQL analysis fetch-depth: '0' + - name: DEBUG - List Files 💡 + run: | + # The current working directory is already the root of the checked-out repo + pwd + ls -R + - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: From 1f52c2be2cdec8a3844a7a650dbdfe791c7b0773 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 1 Dec 2025 10:04:53 -0500 Subject: [PATCH 08/23] working on trying to get it to build --- .github/workflows/codeql.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 60ac0c175..1b29a2eb0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,6 +21,7 @@ jobs: matrix: include: - language: java + build-mode: manual steps: - name: Checkout repository @@ -45,8 +46,9 @@ jobs: with: java-version: '11' distribution: 'temurin' - cache: maven - cache-dependency-path: '**/pom.xml' + + - name: CodeQL Manual Build and Install (Traced) + run: mvn -B clean install -DskipTests - name: Perform CodeQL Analysis From 3f7157c51cf1a3e72a8d8746a5cf26ea64d1b9e8 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 1 Dec 2025 13:21:21 -0500 Subject: [PATCH 09/23] working on trying to get it to build --- .github/workflows/codeql.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b29a2eb0..1b6eac4db 100644 
--- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,27 +29,28 @@ jobs: with: fetch-depth: '0' - - name: DEBUG - List Files 💡 - run: | - # The current working directory is already the root of the checked-out repo - pwd - ls -R - - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: languages: java queries: security-extended,security-and-quality - - name: Set up JDK (with fixed cache path) 💡 + - name: Set up JDK (configured for Gradle) uses: actions/setup-java@v4 with: java-version: '11' distribution: 'temurin' + cache: gradle + cache-dependency-path: | + **/build.gradle + **/settings.gradle + **/gradle-wrapper.properties - - name: CodeQL Manual Build and Install (Traced) - run: mvn -B clean install -DskipTests + - name: Configure Gradle Wrapper Permissions + run: chmod +x gradlew + - name: CodeQL Manual Build with Gradle (Traced) + run: ./gradlew assembleRelease -x test -x lint - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From c4968b1fa45adc8fbc48b6178d79d1d66fa00dcc Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 1 Dec 2025 13:23:42 -0500 Subject: [PATCH 10/23] working on trying to get it to build again --- .github/workflows/codeql.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b6eac4db..0804e61cf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,6 +46,9 @@ jobs: **/settings.gradle **/gradle-wrapper.properties + - name: Set up Android SDK + uses: android-actions/setup-android@v3 + - name: Configure Gradle Wrapper Permissions run: chmod +x gradlew From 14f5aa06bac16bae4e8317149973093b0d68adf3 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 1 Dec 2025 13:25:35 -0500 Subject: [PATCH 11/23] working on trying to get it to build again --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
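Review bot: The new `./gradlew assembleRelease -x test -x lint` step runs the checked-in Gradle wrapper without first verifying `gradle-wrapper.jar`, inside the job whose `permissions:` block appears earlier in the series. A validation step before the first `./gradlew` call, for example `uses: gradle/actions/wrapper-validation@<full-commit-sha>`, would catch a swapped wrapper jar before it executes. Patch 12 adds such a step and patch 21 removes it again, so the series ends with the same gap. The `chmod +x gradlew` step suggests the executable bit is not committed; running `git update-index --chmod=+x gradlew` once in the repository would make that step unnecessary.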
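Review bot: `android-actions/setup-android@v3` is a third-party action referenced by a mutable tag, so whatever that tag points to at run time executes inside the scanning job. Pin it to a full commit SHA and keep the version as a trailing comment, `uses: android-actions/setup-android@<full-commit-sha> # v3`, and let Dependabot or a similar updater move the pin.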
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0804e61cf..b7f54bfc3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,8 @@ jobs: - name: Set up JDK (configured for Gradle) uses: actions/setup-java@v4 with: - java-version: '11' + # CHANGE: Update the version from '11' to '17' + java-version: '17' distribution: 'temurin' cache: gradle cache-dependency-path: | From 0ef9389a04848903c8d5e96d22bf2f46ccfc4c68 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 10:18:59 -0500 Subject: [PATCH 12/23] pulling information from other workflows to try something --- .github/workflows/codeql.yml | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b7f54bfc3..67a099325 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,6 +16,7 @@ jobs: actions: read contents: read + strategy: fail-fast: false matrix: 
@@ -29,33 +30,22 @@ jobs: with: fetch-depth: '0' + - name: Validate Gradle Wrapper + uses: gradle/wrapper-validation-action@216d1ad2b3710bf005dc39237337b9673fd8fcd5 # v3.3.2 + + - name: Configure JDK + uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 # v1.4.3 + with: + java-version: 17 + + - run: touch local.properties + - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: languages: java queries: security-extended,security-and-quality - - name: Set up JDK (configured for Gradle) - uses: actions/setup-java@v4 - with: - # CHANGE: Update the version from '11' to '17' - java-version: '17' - distribution: 'temurin' - cache: gradle - cache-dependency-path: | - **/build.gradle - **/settings.gradle - **/gradle-wrapper.properties - - - name: Set up Android SDK - uses: android-actions/setup-android@v3 - - - name: Configure Gradle Wrapper Permissions - run: chmod +x gradlew - - - name: CodeQL Manual Build with Gradle (Traced) - run: ./gradlew assembleRelease -x test -x lint - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: From fa704a3b277d945c7caaef8474e1f8c6d1db30a1 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 10:20:19 -0500 Subject: [PATCH 13/23] upversioning the analysis package --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 67a099325..9df08a98d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -47,6 +47,6 @@ jobs: queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: category: "/language:${{matrix.language}}" \ No newline at end of file From 361686f66c46cfdfc9cafb2a14ef611a0096e259 Mon Sep 17 00:00:00 2001 
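Review bot: `actions/setup-java` is now pinned by SHA, but to `# v1.4.3`, three major versions behind the `@v4` reference it replaces. Patch 23 returns to this same pin after briefly using the `# v5.0.0` SHA. A pin only helps if it lands on a maintained release, and the trailing comment is the only thing tying the hash to a version, so confirm the SHA against the upstream tag and pin a current major instead. With a current major the `distribution` input is required again (`distribution: 'temurin'`), and `java-version: '17'` is safer quoted so YAML keeps it a string.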
From: Randall Wyatt Date: Tue, 2 Dec 2025 10:23:04 -0500 Subject: [PATCH 14/23] trying autobuild --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9df08a98d..9c75e2f94 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,7 +22,7 @@ jobs: matrix: include: - language: java - build-mode: manual + build-mode: autobuild steps: - name: Checkout repository From c1b744b10efce5cae59e7d09e5c7f1da4bc16baa Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 10:25:35 -0500 Subject: [PATCH 15/23] changing language to java-kotlin --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9c75e2f94..6829f4b78 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ jobs: fail-fast: false matrix: include: - - language: java + - language: java-kotlin build-mode: autobuild steps: From 90cc21d6d193382e1ea737d58418e2c2d7fd99f1 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 10:47:03 -0500 Subject: [PATCH 16/23] moving the build things to after the init --- .github/workflows/codeql.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6829f4b78..dd22a5426 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,6 +30,12 @@ jobs: with: fetch-depth: '0' + - name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: java + queries: security-extended,security-and-quality + - name: Validate Gradle Wrapper uses: gradle/wrapper-validation-action@216d1ad2b3710bf005dc39237337b9673fd8fcd5 # v3.3.2 
@@ -40,12 +46,6 @@ jobs: - run: touch local.properties - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: java - queries: security-extended,security-and-quality - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 with: From 3e76d7a23c0531d74fe90af659ad21d6a96ee03a Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 10:53:40 -0500 Subject: [PATCH 17/23] updating things in the workflow --- .github/workflows/codeql.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dd22a5426..e04e68496 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ jobs: fail-fast: false matrix: include: - - language: java-kotlin + - language: java build-mode: autobuild steps: @@ -37,12 +37,13 @@ jobs: queries: security-extended,security-and-quality - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@216d1ad2b3710bf005dc39237337b9673fd8fcd5 # v3.3.2 + uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - name: Configure JDK - uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 # v1.4.3 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 with: java-version: 17 + distribution: 'gradle' - run: touch local.properties From 1869d7cbc7083c979482671af46bb0214c9c9961 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 10:55:21 -0500 Subject: [PATCH 18/23] updating things in the workflow --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e04e68496..1fba049aa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -40,10 +40,10 @@ jobs: uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - name: Configure JDK - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 - distribution: 'gradle' + distribution: 'temurin' - run: touch local.properties From 61bff9093b76819f908533d6360deffb79d53853 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 11:06:36 -0500 Subject: [PATCH 19/23] updating things in the workflow --- .github/workflows/codeql.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1fba049aa..81f93fff6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -47,6 +47,18 @@ jobs: - run: touch local.properties + - name: CodeQL Manual Build (Disable Daemon & Trace) + run: | + CODEQL_BIN="/opt/hostedtoolcache/CodeQL/2.23.6/x64/codeql/codeql" + DB_PATH="/home/runner/work/_temp/codeql_databases/java" + + # Execute the trace-command with the crucial --no-daemon flag + $CODEQL_BIN database trace-command \ + --database $DB_PATH \ + --lang java \ + -- \ + ./gradlew assembleRelease --no-daemon -x test -x lint + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 with: From 55145d8bbad0b6c75dd4a3935b3d792c10bb3e8e Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 11:08:08 -0500 Subject: [PATCH 20/23] updating things in the workflow --- .github/workflows/codeql.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 81f93fff6..26cb33152 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -51,13 +51,7 @@ jobs: run: | CODEQL_BIN="/opt/hostedtoolcache/CodeQL/2.23.6/x64/codeql/codeql" DB_PATH="/home/runner/work/_temp/codeql_databases/java" - - # Execute the trace-command with the crucial --no-daemon flag - $CODEQL_BIN database trace-command \ - --database $DB_PATH \ - --lang java \ - -- \ - ./gradlew assembleRelease --no-daemon -x test -x lint + ./gradlew assembleRelease --no-daemon -x test -x lint - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 From 5bb57d2acc21ef3dd3fa292f1ebcfb05c2a6c2e3 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 13:08:49 -0500 Subject: [PATCH 21/23] updating things in the workflow --- .github/workflows/codeql.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 26cb33152..b67e02da6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,9 +36,6 @@ jobs: languages: java queries: security-extended,security-and-quality - - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - - name: Configure JDK uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: From d2c1ceb97d1ed59cf9ead89e28635148b065988d Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 13:14:47 -0500 Subject: [PATCH 22/23] google svcs config --- .github/workflows/codeql.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b67e02da6..a0b217289 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
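Review bot: `CODEQL_BIN` and `DB_PATH` are still assigned at the top of this `run:` block although the `trace-command` invocation that used them is removed. The step name added in patch 19, `CodeQL Manual Build (Disable Daemon & Trace)`, still advertises tracing. The leftover hard-coded tool-cache path (`/opt/hostedtoolcache/CodeQL/2.23.6/...`) wrongly suggests the build depends on a specific CodeQL version. Drop both assignments and rename the step, leaving `run: ./gradlew assembleRelease --no-daemon -x test -x lint`. Whether this build is actually observed by CodeQL depends on how `init` is configured outside this hunk.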
@@ -42,6 +42,16 @@ jobs: java-version: 17 distribution: 'temurin' + - name: Setup Google Services Configuration + run: | + echo "Setting up Google Services configuration for CI..." + # Ensure the google-services.json file exists for the build + if [ ! -f "integration-tests/google-services.json" ]; then + echo "Creating google-services.json from template..." + cp integration-tests/google-services.json.template integration-tests/google-services.json + fi + echo "Google Services configuration ready" + - run: touch local.properties - name: CodeQL Manual Build (Disable Daemon & Trace) From 45b9bed86e423ab1e03068c2e768ffdf57d54427 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Tue, 2 Dec 2025 15:40:01 -0500 Subject: [PATCH 23/23] reverting the jdk sha --- .github/workflows/codeql.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a0b217289..7b464e7a5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,10 +37,9 @@ jobs: queries: security-extended,security-and-quality - name: Configure JDK - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 # v1.4.3 with: java-version: 17 - distribution: 'temurin' - name: Setup Google Services Configuration run: |