deps(deps-dev): bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.5.0 #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CodeQL | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| pull_request: | |
| # Run on any incoming PR regardless of the base branch so feature | |
| # branches targeting `develop` also get analysed. | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '32 6 * * 1' | |
| permissions: | |
| contents: read | |
| jobs: | |
| analyze: | |
| name: CodeQL — ${{ matrix.language }} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| env: | |
| JAVA_TOOL_OPTIONS: -Djava.awt.headless=true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: | |
| - java-kotlin | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Temurin JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: '17' | |
| cache: maven | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| queries: security-and-quality | |
| - name: Build (library module only) | |
| # `-pl .` scopes the analysis to the published artifact and matches | |
| # the canonical verify gate. Examples/benchmarks are intentionally | |
| # excluded — they ship no production code. | |
| run: ./mvnw -B -ntp -DskipTests -pl . package | |
| - name: Perform CodeQL analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/language:${{ matrix.language }}" |