more changes

Signed-off-by: Nigel Jones <nigel.l.jones+git@gmail.com>
odpi · Mar 14, 2023 · ed4bde6 · ed4bde6
1 parent cec9cd7
commit ed4bde6
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 23 deletions.
diff --git a/.github/workflows/codeql-v4.yml b/.github/workflows/codeql-v4.yml
@@ -15,6 +15,10 @@ on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [main, egeria-release-4*]
+  workflow_dispatch:
+
+env:
+  CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
 
 jobs:
   analyze:
@@ -40,8 +44,8 @@ jobs:
         uses: github/codeql-action/init@v2
         with:
           languages: java
-          queries: security-extended
-          debug: true
+          queries: security-and-quality
+          ram: 4096
       - name: Build
         uses: gradle/gradle-build-action@v2
         with:
@@ -52,24 +56,4 @@ jobs:
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
         with:
-          upload: False
-          output: sarif-results
-      - name: filter-sarif
-        uses: advanced-security/filter-sarif@v1
-        with:
-          patterns: |
-            +**/*.java
-            -**/*Test*.java
-            -open-metadata-test/**/*.java
-          input: sarif-results/java.sarif
-          output: sarif-results/java.sarif
-      - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: sarif-results/java.sarif
-      - name: Upload loc as a Build Artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: sarif-results
-          path: sarif-results
-          retention-days: 5
+          ram: 4096
diff --git a/codeql-v4.yml b/codeql-v4.yml
@@ -0,0 +1,56 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright Contributors to the ODPi Egeria project.
+#
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+---
+name: "CodeQL Analysis v4"
+
+on:
+  #push:
+  #  branches: [main, egeria-release-4*]
+  #pull_request:
+  #  # The branches below must be a subset of the branches above
+  #  branches: [main, egeria-release-4*]
+  workflow_dispatch:
+
+env:
+  CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
+
+jobs:
+  analyze:
+    if: ${{ github.repository == 'odpi/egeria'}}
+    name: "CodeQL Build v4"
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - uses: gradle/wrapper-validation-action@v1
+      - name: Setup Java JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: java
+          queries: security-and-quality
+      - name: Build
+        uses: gradle/gradle-build-action@v2
+        with:
+          # codeQL requires a full before/after build to compare results. Caching can result in action failing
+          #cache-read-only: true
+          cache-disabled: true
+          arguments: -x javadoc -x test build -PskipOpenTypesFVT
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2