chore(deps): update plugin jacocolog to v3.1.0 #343
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # THIS CODE WAS AUTOGENERATED. DO NOT MODIFY THIS FILE DIRECTLY | ||
| # THE SOURCE CODE LIVES IN A DIFFERENT REPOSITORY: | ||
| # - centralized-templates | ||
| # FILE STEWARD: @pleo-io/security | ||
| name: CodeQL Analysis | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - master | ||
| - develop | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| - master | ||
| - develop | ||
| env: | ||
| language_Kotlin: "java" | ||
| language_Java: "java" | ||
| language_Go: "go" | ||
| language_Python: "python" | ||
| language_JavaScript: "javascript" | ||
| language_TypeScript: "javascript" | ||
| WORKING_LANGUAGE: "" | ||
| CONFIG_FILE: "" | ||
| RUN_ON_DEFAULT_BRANCH: true | ||
| GRADLE_SCRIPT_PATH: ./gradlew | ||
| jobs: | ||
| preflight: | ||
| name: Determine if CodeQL should run | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| should_run_analyze: ${{ steps.maybe_skip_analyze.outputs.should_run_analyze }} | ||
| working_language: ${{steps.working_language_step.outputs.WORKING_LANGUAGE}} | ||
| steps: | ||
| - uses: winterjung/split@a211a1c46e35fcdc4097d59dd6282d4a9859651b # v2 | ||
| id: split | ||
| with: | ||
| msg: ${{ github.repository }} | ||
| separator: "/" | ||
| - id: get_default_branch | ||
| name: Determine our default branch | ||
| uses: octokit/[email protected] | ||
| with: | ||
| route: GET /repos/{owner}/{repo} | ||
| owner: ${{ github.repository_owner }} | ||
| repo: ${{ steps.split.outputs._1 }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - id: set_default_branch | ||
| name: Set our default branch | ||
| run: echo "DEFAULT_BRANCH=${{ fromJson(steps.get_default_branch.outputs.data).default_branch }}" >> "$GITHUB_ENV" | ||
| - id: maybe_skip_analyze | ||
| name: Check if analyze should run | ||
| shell: bash | ||
| run: | | ||
| if [[ "${{ env.RUN_ON_DEFAULT_BRANCH }}" == "false" && "${{ github.ref }}" == "refs/heads/${{ env.DEFAULT_BRANCH }}" && "${{ github.event_name }}" == "push" ]]; then | ||
| echo "Skipping CodeQL analysis on main branch due to configuration" | ||
| echo "should_run_analyze=false" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "Running CodeQL analysis" | ||
| echo "should_run_analyze=true" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| - id: working_language_step | ||
| name: We check if the repository language is supported by CodeQL | ||
| run: echo "WORKING_LANGUAGE=${{env[format('language_{0}', github.event.repository.language)]}}" >> "$GITHUB_OUTPUT" | ||
| wiz-cli: | ||
| name: Scan Dependencies with Wiz CLI | ||
| if: ${{ !contains(github.event.pull_request.labels.*.name, 'feature-deploy') && (github.ref != 'refs/heads/main' || github.event_name != 'push') }} | ||
| uses: pleo-io/reusable-workflows/.github/workflows/wiz-cli.yaml@main | ||
|
Check failure on line 75 in .github/workflows/codeql-analysis.yaml
|
||
| with: | ||
| scan_deps: false | ||
| deps_scan_path: . | ||
| deps_policy: Pleo-Default-vulnerabilities-policy | ||
| secrets: inherit | ||
| analyze-code: | ||
| name: Analyze code with CodeQL | ||
| if: ${{ (needs.preflight.outputs.should_run_analyze == 'true') && (needs.preflight.outputs.working_language != '')}} | ||
| needs: | ||
| - preflight | ||
| runs-on: codeql-runner | ||
| timeout-minutes: 30 | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 | ||
| - name: Set Working Language | ||
| run: echo "WORKING_LANGUAGE=${{needs.preflight.outputs.working_language}}" >> "$GITHUB_ENV" | ||
| # Set up a JDK environment for building, testing and releasing. | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | ||
| if: ${{ env.WORKING_LANGUAGE == 'java' }} | ||
| with: | ||
| java-version: 17 | ||
| distribution: temurin | ||
| # Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle. | ||
| - name: Setup Gradle | ||
| uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2 | ||
| if: ${{ env.WORKING_LANGUAGE == 'java' }} | ||
| with: | ||
| gradle-version: wrapper | ||
| cache-read-only: true | ||
| # Set up a Node environment for JS/TS/Node client generation. | ||
| - name: Set up Node 20 | ||
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 | ||
| if: ${{ env.WORKING_LANGUAGE == 'javascript' }} | ||
| with: | ||
| node-version: 20 | ||
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3 | ||
| with: | ||
| languages: ${{ github.event.repository.language }} | ||
| ram: 4096 | ||
| queries: security-and-quality | ||
| tools: latest | ||
| config-file: ${{ env.CONFIG_FILE }} | ||
| - name: Gradle Build | ||
| run: ${{ env.GRADLE_SCRIPT_PATH }} classes testClasses --stacktrace -Dorg.gradle.jvmargs=-Xmx4g -Dorg.gradle.parallel=true | ||
| if: ${{ env.WORKING_LANGUAGE == 'java' }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | ||
| GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }} | ||
| JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }} | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3 | ||
| with: | ||
| ram: 4096 | ||
GitHub Actions