chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.9.8.1 #85
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow for advanced CodeQL setup used for scanning Java/JavaScript/TypeScript/Vue/Python based source files | |
| name: CodeQL Advanced | |
| env: | |
| # Whether to analyze Java code or not (only set to true if repo has Java source code) | |
| analyze-java: true | |
| # Build mode to use for analysis of Java code (e.g. none, autobuild, manual) | |
| java-buildmode: autobuild | |
| # Temurin JDK version to use for autobuild (only when java-buildmode is set to autobuild) | |
| java-version: 21 | |
| # Whether to analyze JavaScript/TypeScript/Vue code or not (only set to true if repo has Javascript/Typescript/Vue source code) | |
| analyze-javascript-typescript-vue: true | |
| # Whether to analyze Python code or not (only set to true if repo has Python source code) | |
| analyze-python: false | |
| # Query set to use when analyzing the source code (e.g. default, security-extended, security-and-quality) | |
| analysis-query: security-and-quality | |
| on: | |
| # Runs on pull requests and on pushes to main (in order to keep the regular scanning by GitHub working) | |
| pull_request: | |
| push: | |
| branches: [main] | |
| permissions: | |
| pull-requests: read | |
| security-events: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| check-changes: | |
| name: Check changed files and directories | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| java: ${{ steps.filter.outputs.java }} | |
| javascript-typescript-vue: ${{ steps.filter.outputs.javascript-typescript-vue }} | |
| python: ${{ steps.filter.outputs.python }} | |
| steps: | |
| - name: Checkout repository | |
| uses: it-at-m/lhm_actions/action-templates/actions/action-checkout@9767179088fd2e344d1a24c17404ab809a60f1b6 # v1.0.20 | |
| - name: Path Filter | |
| id: filter | |
| uses: it-at-m/lhm_actions/action-templates/actions/action-filter@9767179088fd2e344d1a24c17404ab809a60f1b6 # v1.0.20 | |
| codeql-java: | |
| name: Analyze Java source files | |
| runs-on: ubuntu-latest | |
| needs: check-changes | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build-path: ["./lizenzliste-backend"] # JSON array formatted as string, contains the paths to the java projects to build | |
| steps: | |
| - uses: it-at-m/lhm_actions/action-templates/actions/action-codeql@9767179088fd2e344d1a24c17404ab809a60f1b6 # v1.0.20 | |
| if: ${{ env.analyze-java == 'true' && (github.ref_name == 'main' || needs.check-changes.outputs.java == 'true') }} | |
| with: | |
| codeql-language: java-kotlin | |
| codeql-buildmode: ${{ env.java-buildmode }} | |
| codeql-query: ${{ env.analysis-query }} | |
| java-version: ${{ env.java-version }} | |
| path: ${{ matrix.build-path }} | |
| codeql-javascript-typescript-vue: | |
| name: Analyze JavaScript/TypeScript/Vue source files | |
| runs-on: ubuntu-latest | |
| needs: check-changes | |
| steps: | |
| - uses: it-at-m/lhm_actions/action-templates/actions/action-codeql@9767179088fd2e344d1a24c17404ab809a60f1b6 # v1.0.20 | |
| if: ${{ env.analyze-javascript-typescript-vue == 'true' && (github.ref_name == 'main' || needs.check-changes.outputs.javascript-typescript-vue == 'true') }} | |
| with: | |
| codeql-language: javascript-typescript | |
| codeql-query: ${{ env.analysis-query }} | |
| codeql-python: | |
| name: Analyze Python source files | |
| runs-on: ubuntu-latest | |
| needs: check-changes | |
| steps: | |
| - uses: it-at-m/lhm_actions/action-templates/actions/action-codeql@9767179088fd2e344d1a24c17404ab809a60f1b6 # v1.0.20 | |
| if: ${{ env.analyze-python == 'true' && (github.ref_name == 'main' || needs.check-changes.outputs.python == 'true') }} | |
| with: | |
| codeql-language: python | |
| codeql-query: ${{ env.analysis-query }} |