CodeQL workflow action (#7)

* Update quarkus.yml * Refine codeql action * Fix codeqll action * Add cache to codeql action * Code scanning separate workflow * Fix quarkus workflow * Add sample vulnerability * Revert "Add sample vulnerability" This reverts commit 2fd5130.
juliaaano · Apr 27, 2021 · 8c8e84a · 8c8e84a
1 parent 8374a32
commit 8c8e84a
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 2 deletions.
diff --git a/.github/workflows/quarkus.yml b/.github/workflows/quarkus.yml
@@ -18,7 +18,7 @@ on:
     #        │  │ │ │ │
     #        │  │ │ │ │
     #        *  * * * *
-    - cron: '30 1 * * *'
+    - cron: '15 1 * * *'
 
 # permissions:
 #   packages: none # Overriden by package 'Actions access'.
@@ -102,7 +102,9 @@ jobs:
     - name: docker-compose version
       run: docker-compose version
     - name: docker-compose up keycloak postgresql
-      run: docker-compose up --detach keycloak postgresql && sleep 9
+      run: |
+        docker-compose up --detach keycloak postgresql
+        sleep 9
     - name: docker-compose run liquibase
       run: docker-compose run --rm --name liquibase liquibase
     - name: mvn clean verify -Pnative

diff --git a/.github/workflows/scanning.yml b/.github/workflows/scanning.yml
@@ -0,0 +1,46 @@
+name: scanning
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+    paths:
+      - 'src/**'
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
+    - cron: "30 1 * * *"
+
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+    steps:
+      - name: jdk11
+        uses: actions/setup-java@v2
+        with:
+          java-version: "11"
+          distribution: "adopt"
+      - name: codeql init
+        uses: github/codeql-action/init@v1
+        with:
+          languages: java
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: cache ~/.m2
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: mvn compile
+        run: mvn --show-version --batch-mode compile
+      - name: codeql analyze
+        uses: github/codeql-action/analyze@v1