Skip to content

CodeQL

CodeQL #43

Workflow file for this run

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
name: "CodeQL"
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: '27 11 * * 6'
jobs:
analyze:
name: Analyze
runs-on: 'ubuntu-latest'
timeout-minutes: 360
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
pull-requests: read
strategy:
fail-fast: false
matrix:
language: [ 'c-cpp', 'java-kotlin', 'python' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Detect changed files
id: changes
uses: apache/pulsar-test-infra/paths-filter@master
with:
filters: .github/changes-filter.yaml
list-files: csv
- name: Check changed files
id: check_changes
run: |
echo "docs_only=${{ fromJSON(steps.changes.outputs.all_count) == fromJSON(steps.changes.outputs.docs_count) && fromJSON(steps.changes.outputs.docs_count) > 0 }}" >> $GITHUB_OUTPUT
- name: Cache local Maven repository
if: steps.check_changes.outputs.docs_only != 'true'
id: cache
uses: actions/cache@v4
with:
path: |
~/.m2/repository/*/*/*
!~/.m2/repository/org/apache/bookkeeper
!~/.m2/repository/org/apache/distributedlog
key: ${{ runner.os }}-bookkeeper-all-${{ hashFiles('**/pom.xml') }}
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Set up JDK 11
if: steps.check_changes.outputs.docs_only != 'true'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 11
- name: Validate pull request
if: steps.check_changes.outputs.docs_only != 'true'
run: |
mvn -T 1C -B -nsu clean install -Ddistributedlog -DskipTests
- name: Perform CodeQL Analysis
if: steps.check_changes.outputs.docs_only != 'true'
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"