The CodeQL analysis is broken due to the large content of the generated SARIF file

[abstractj]

Describe the bug

The CodeQL analysis is broken due to the large content of the generated SARIF file.

Version

17.0.0

Anything else?

Ref: This is a follow up of #10108 (comment)

[andreaTP]

Is it an option to temporary disable the codeql analysis until we have a solution?

Currently the CodeQL analysis job in GH Action is keeping busy 1 runner for 40 minutes for each PR (out of 20 total runners available), this is seriously impacting every PR validation performance.

[abstractj]

@andreaTP please let's use this issue to discuss the solution. For requests like that, we can use other communication channels.

[DGuhr]

I just found github/codeql-action#820, seems to be kind of the same issue. perhaps we should also post a failing workflow run there and see if they provide some sugggestions? Also, there seems to be some suggestions inside (just scanned over it, though)

[abstractj]

Update:

The GitHub documentation states that paths-ignore is only available in the context of interpreted languages, for compiled languages like Java it's necessary to change the build steps to exclude the directories we need like: testsuite, examples, etc.

For that, it's necessary to remove autobuild from the CodeQL workflow and provide the custom build steps. The initial attempt was to skip all the tests, and also the adapters, but that did not reduce the size of the SARIF file, nor prevented the compilation of the testsuite:

- if: matrix.language == 'java' 
      name: Build Java
      run: |
        cd quarkus && mvn -f ../pom.xml clean install -Dmaven.test.skip -DskipAdapters -DskipTestsuite -DskipExamples -DskipTests

You can find the complete file here. @JoshuaMulliken may have other ideas. If there's anything that you would like to suggest as a fix, please let us know.

[abstractj]

@andreaTP @DGuhr FYI #10354