pmd

⬆️ Bump io.spring.dependency-management from 1.1.4 to 1.1.6 #63

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.

	name: pmd

	on:
	push:
	branches: [ "master" ]
	pull_request:
	branches: [ "master" ]
	schedule:
	- cron: '23 17 * * 4'

	permissions:
	contents: read

	jobs:
	pmd-code-scan:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Set up JDK 21
	uses: actions/setup-java@v4
	with:
	java-version: '21'
	distribution: 'temurin'
	- uses: pmd/pmd-github-action@v2
	with:
	rulesets: '.github/workflows/ruleset.xml'
	analyzeModifiedFilesOnly: false
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: pmd-report.sarif

Provide feedback