Skip to content

CodeQL

CodeQL #617

Workflow file for this run

# https://github.com/github/codeql-action/blob/main/init/action.yml
# https://github.com/github/codeql-action/blob/main/analyze/action.yml
name: CodeQL
on:
# Scheduled to run every Saturday at 04:00 UTC
schedule:
- cron: '0 4 * * 6'
# Allows for manual triggering of the workflow from the GitHub UI
workflow_dispatch:
permissions: { }
jobs:
codeql:
timeout-minutes: 60
permissions:
contents: read
security-events: write
runs-on: ubuntu-latest-8-cores
name: CodeQL
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-java
- name: CodeQL Init
uses: github/codeql-action/init@v3
with:
languages: kotlin
queries: security-and-quality
setup-python-dependencies: false
ram: 16000
threads: 8
config-file: ./.github/codeql/codeql-config.yml
- name: Gradle build
uses: gradle/actions/setup-gradle@v4
with:
gradle-version: wrapper
# The documentation wants us to disable cache: https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build
cache-disabled: true
- shell: bash
run: ./gradlew clean assemble testClasses --no-build-cache
- name: CodeQL Analyze
uses: github/codeql-action/analyze@v3
with:
category: "/language:kotlin"