From d56037e1b7f6bcfba8962f398d4a33c69663eb7f Mon Sep 17 00:00:00 2001 From: Marc Philipp Date: Tue, 17 Jun 2025 19:22:25 +0200 Subject: [PATCH 1/2] Enable CodeQL checks for GitHub Actions workflows --- .github/workflows/codeql-analysis.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 99f293f4d6a5..fe94e7f336f3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -27,9 +27,13 @@ jobs: strategy: fail-fast: false matrix: - language: - - java - - javascript + include: + - language: actions + build-mode: none + - language: java + build-mode: manual + - language: javascript + build-mode: none steps: - name: Check out repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -37,8 +41,10 @@ jobs: uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 with: languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} tools: linked - name: Build + if: matrix.build-mode == 'manual' uses: ./.github/actions/run-gradle with: encryptionKey: ${{ secrets.GRADLE_ENCRYPTION_KEY }} From 28f47e1c5b0264195047e747796c99c2768e26fe Mon Sep 17 00:00:00 2001 From: Marc Philipp Date: Tue, 17 Jun 2025 19:30:39 +0200 Subject: [PATCH 2/2] Add recommended category --- .github/workflows/codeql-analysis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fe94e7f336f3..c0ab89fab5e1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -54,3 +54,5 @@ jobs: classes - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + with: + category: "/language:${{matrix.language}}"