Bump github/codeql-action from 2.22.5 to 3.24.0 #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # By default, this Workflow requires the following repository environments | |
| # - sonarcloud | |
| # -- Environment variables: SONAR_HOST_URL, SONAR_ORGANIZATION, SONAR_PROJECT_KEY | |
| # -- Environment secrets: SONAR_TOKEN | |
| # Workflow syntax for GitHub Actions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
| # SonarCloud: https://sonarcloud.io/ | |
| # CI analysis while Automatic Analysis must be disabled for successful execution of this workflow https://docs.sonarcloud.io/advanced-setup/automatic-analysis/#conflict-with-ci-based-analysis | |
| name: Scan Code with SonarCloud | |
| # Events: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows | |
| on: | |
| # Run workflow on push except for ignored branches and paths | |
| push: | |
| paths-ignore: | |
| - '**.md' # Ignore documentation changes | |
| - '.github/**(!code-scan-sonarcloud.yml)' # Ignore other workflow changes | |
| # Run workflow on pull request | |
| pull_request: # By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened | |
| # Run a single job at a time: https://docs.github.com/en/actions/using-jobs/using-concurrency | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
| permissions: | |
| contents: read | |
| jobs: | |
| sonarcloud: | |
| # Run job when not triggered by a merge | |
| if: (github.event_name == 'push' && contains(toJSON(github.event.head_commit.message), 'Merge pull request ') == false) || (github.event_name != 'push') | |
| runs-on: ubuntu-latest # GitHub-hosted runners: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources | |
| # Set Job-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
| permissions: | |
| pull-requests: read # Allow SonarCloud to get pull request details | |
| environment: sonarcloud # Use `sonarcloud` repository environment | |
| steps: | |
| # Workaround for the absence of github.branch_name | |
| # Setting an environment variable: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable | |
| - name: Set VERSION | |
| if: github.head_ref != '' | |
| run: | | |
| echo "VERSION=${{ github.head_ref }}" >> $GITHUB_ENV | |
| - name: Set VERSION | |
| if: github.head_ref == '' | |
| run: | | |
| echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout | |
| with: | |
| # Disabling shallow clone is recommended for improving relevancy of reporting | |
| fetch-depth: 0 | |
| # Setup Java | |
| - uses: actions/setup-java@v3 # https://github.com/actions/setup-java | |
| with: | |
| distribution: microsoft # Microsoft was selected to match Visual Studio Code Dev Container Java distribuition, see .devcontainer/devcontainer.json. Supported distributions: https://github.com/actions/setup-java#supported-distributions | |
| java-version: '17' # Java version must match `project.properties['java.version']` in pom.xml | |
| - name: Cache Maven dependencies | |
| uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions | |
| with: | |
| path: | | |
| ~/.m2 | |
| key: maven-${{ hashFiles('**/pom.xml') }} | |
| - name: Cache SonarCloud dependencies | |
| uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions | |
| with: | |
| path: | | |
| ~/.sonar/cache | |
| key: sonarcloud-${{ github.repository_id }} | |
| # - name: SonarCloud Scan via Github Action | |
| # uses: sonarsource/[email protected] # https://github.com/marketplace/actions/sonarcloud-scan | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
| # In case you need to override default settings | |
| # - name: Analyze with SonarCloud | |
| # uses: sonarsource/[email protected] | |
| # with: | |
| # projectBaseDir: my-custom-directory | |
| # args: > | |
| # -Dsonar.organization=my-organization | |
| # -Dsonar.projectKey=my-projectkey | |
| # -Dsonar.python.coverage.reportPaths=coverage.xml | |
| # -Dsonar.sources=lib/ | |
| # -Dsonar.test.exclusions=tests/** | |
| # -Dsonar.tests=tests/ | |
| # -Dsonar.verbose=true | |
| # SonarCloud GitHub Action fails when a Maven project is detected and recommends usage of Maven Sonar plugin | |
| - name: SonarCloud Scan via Maven (${{ github.event_name }}) | |
| if: github.event_name != 'pull_request' | |
| # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_my-project | |
| # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
| # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment | |
| run: | | |
| mvn -B verify \ | |
| org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Drevision=${{ env.VERSION }} \ | |
| -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \ | |
| -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \ | |
| -Dmaven.test.skip=true \ | |
| -Ddockerfile.skip=true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
| SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment | |
| # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
| # SonarCloud GitHub Action fails when a Maven project is detected and recommends usage of Maven Sonar plugin | |
| - name: SonarCloud Scan via Maven (pull_request) | |
| if: github.event_name == 'pull_request' | |
| # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_my-project | |
| # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
| # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment | |
| run: | | |
| mvn -B verify \ | |
| org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Drevision=${{ env.VERSION }} \ | |
| -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \ | |
| -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \ | |
| -Dsonar.pullrequest.provider=GitHub \ | |
| -Dsonar.pullrequest.github.repository=${{ github.repository }} \ | |
| -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \ | |
| -Dsonar.pullrequest.branch=${{ github.head_ref }} \ | |
| -Dsonar.pullrequest.base=${{ github.base_ref }} \ | |
| -Dmaven.test.skip=true \ | |
| -Ddockerfile.skip=true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
| SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment | |
| # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
| # In case you need to override default settings | |
| # - name: SonarCloud Scan via Maven | |
| # run: | | |
| # mvn -B verify \ | |
| # org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| # -Dmaven.test.skip=true \ | |
| # -Ddockerfile.skip=true \ | |
| # -Dsonar.organization=my-organization \ | |
| # -Dsonar.projectKey=my-projectkey \ | |
| # -Dsonar.python.coverage.reportPaths=coverage.xml \ | |
| # -Dsonar.sources=lib/ \ | |
| # -Dsonar.test.exclusions=tests/** \ | |
| # -Dsonar.tests=tests/ \ | |
| # -Dsonar.verbose=true | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
| # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
| # SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ |