public-security-workflows/.github/workflows/codeql-java.yml at main · hyperwallet/public-security-workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
name: CodeQL (Java)

on:
  workflow_call:
    inputs:
      language:
        description: 'Language to analyze with CodeQL'
        required: true
        type: string
        default: java
      build-mode:
        description: 'Build mode to compile language for analysis'
        default: none
        required: false
        type: string
      timeout-minutes:
        description: 'Optional override for larger builds'
        default: 20
        required: false
        type: number
      build-command:
        description: 'Optional application build command'
        required: false
        type: string
      queries:
        description: "CodeQL queries to run. Prefix with + to run in addition to the default queries"
        required: false
        type: string
      threads:
        description: "The number of threads that can be used by CodeQL for database finalization and query execution.If not specified input all hardware threads available in the system will be used"
        required: false
        type: string
    secrets:
      DATADOG_API_KEY:
        required: false

jobs:
  analyze:
    name: Code Scanning - CodeQL
    runs-on: ubuntu-latest
    timeout-minutes: ${{ inputs.timeout-minutes }}
    permissions:
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    strategy:
      fail-fast: false

    steps:
      - name: Capture start time
        run: echo "start_time=$(date +%s)" >> $GITHUB_ENV
        shell: bash


      - name: Setup Maven Action
        if: ${{ inputs.language == 'java' }}
        uses: s4u/setup-maven-action@v1.18.0


      - name: Perform CodeQL Analysis
        id: codeql
        uses: hyperwallet/public-security-workflows/codeql@main
        with:
          language: ${{ inputs.language }}
          build-command: ${{ inputs.build-command }}
          build-mode: ${{ inputs.build-mode }}
          timeout-minutes: ${{ inputs.timeout-minutes }}
          queries: ${{ inputs.queries }}
         # DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}


  #    - name: DataDog
  #      if: always() && github.event_name != 'merge_group'
  #      uses: hyperwallet/public-security-workflows/datadog@main
  #      with:
  #        SOURCE: "CodeQL"
  #        DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
  #      BU_NAME: "Hyperwallet"
  #        start_time: ${{ env.start_time }}
  #       OUTCOME: "${{ steps.codeql.outcome }}"