Do not use auto-build and run maven directly with JDK 17 + Maven 3.9.3.

jenkinsci · Jun 29, 2023 · 0257f54 · 0257f54
1 parent 275886e
commit 0257f54
Showing 1 changed file with 24 additions and 3 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -34,18 +34,39 @@ jobs:
         uses: actions/setup-java@v3
         with:
           distribution: temurin
-          java-version: 11
+          java-version: 17
+          cache: maven
+
+      - name: Set up Maven
+        uses: stCarolas/setup-maven@v4.5
+        with:
+          maven-version: 3.9.3
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+      - name: Build with Maven
+        run: mvn -V --color always -ntp clean verify --file pom.xml -Pskip
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
         with:
+          upload: false
+          output: sarif-results
           category: "/language:${{ matrix.language }}"
+
+      - name: Filter SARIF results
+        uses: advanced-security/filter-sarif@v1
+        with:
+          patterns: |
+            -**/*Assert*
+          input: sarif-results/${{ matrix.language }}.sarif
+          output: sarif-results/${{ matrix.language }}.sarif
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: sarif-results/${{ matrix.language }}.sarif