diff --git a/.github/actions/commonSetup/action.yml b/.github/actions/commonSetup/action.yml
deleted file mode 100644
index c15b0e993b..0000000000
--- a/.github/actions/commonSetup/action.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: "common machine setup"
-description: "Prepares the machine"
-runs:
-  using: "composite"
-  steps:
-    - name: Set up JDK 17
-      uses: actions/setup-java@v2
-      with:
-        distribution: temurin
-        java-version: "17"
-
-    - name: "Setup Gradle"
-      uses: gradle/gradle-build-action@v2
-      with:
-        # See https://github.com/marketplace/actions/gradle-build-action#enable-dependency-graph-generation-for-a-workflow
-        dependency-graph: generate-and-submit
-        # Limit the size of the cache entry.
-        # These directories contain instrumented/transformed dependency jars which can be reconstructed relatively quickly.
-        gradle-home-cache-excludes: |
-          caches/jars-9
-          caches/transforms-3
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6f6b4c73d2..d753fc2249 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -50,6 +50,8 @@ jobs:
 
     strategy:
       fail-fast: false
+      matrix:
+        language: [ 'java' ]
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
@@ -62,8 +64,36 @@ jobs:
           # https://github.com/diffplug/spotless/issues/1242
           fetch-depth: 0
 
-      - name: Setup machine
-        uses: ./.github/actions/commonSetup
+      - name: Switch to Java 17 from Eclipse Temurin distro
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: temurin
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Build (minimal, for CodeQL) with Gradle
+        run: ./gradlew --scan --full-stacktrace compileDebugAndroidTestSources
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
+
+      # This needs to be done *AFTER* CodeQL; otherwise it fails weirdly, see https://github.com/google/android-fhir/issues/2310
+      - name: "Setup Gradle"
+        uses: gradle/gradle-build-action@v2
+        with:
+          # See https://github.com/marketplace/actions/gradle-build-action#enable-dependency-graph-generation-for-a-workflow
+          dependency-graph: generate-and-submit
+          # Limit the size of the cache entry.
+          # These directories contain instrumented/transformed dependency jars which can be reconstructed relatively quickly.
+          gradle-home-cache-excludes: |
+            caches/jars-9
+            caches/transforms-3
 
       - name: Spotless check
         run: ./gradlew spotlessCheck --scan --full-stacktrace
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
deleted file mode 100644
index 1f90d2cb89..0000000000
--- a/.github/workflows/codeql.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-name: "CodeQL"
-
-# NB: This GitHub Action for https://codeql.github.com seems to be
-# a bit "special"; it does not appear to be (easily) possible to just
-# integrate and run this as part of the main build.yaml action; see
-# https://github.com/google/android-fhir/issues/2310.
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "master" ]
-  schedule:
-    - cron: '32 13 * * 2'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref || || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-22.04-8core
-    timeout-minutes: 60
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'java' ]
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: Switch to Java 17 from Eclipse Temurin distro
-      uses: actions/setup-java@v3
-      with:
-        java-version: 17
-        distribution: temurin
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-
-    # TODO: use Autobuild instead of ./gradlew after https://github.com/github/codeql-action/issues/1417 is fixed
-    # - name: Autobuild
-    #   uses: github/codeql-action/autobuild@v2
-    - name: Build with Gradle
-      run: ./gradlew --scan --full-stacktrace -Dorg.gradle.dependency.verification=off compileDebugAndroidTestSources
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"