diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..d4cc6d5 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,69 @@ +# This workflow configures CodeQL as the auto-configuration fails for Java/Kotlin. +# +# @author Armin Schnabel +# @version 1.0.0 +# @since 4.2.0 +name: "CodeQL Analysis" + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + schedule: + - cron: '23 11 * * 2' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + + permissions: + # required for all workflows + security-events: write + + strategy: + fail-fast: false + matrix: + include: + - language: java-kotlin + build-mode: manual # autobuild fails (gradle.properties required) + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + # 'java-kotlin' to analyze code written in Java, Kotlin or both + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - name: Set up JDK + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + + - name: Cache Gradle dependencies + uses: actions/cache@v3 + with: + path: ~/.gradle/caches + # Only update cache on hash change (gradle build files and the wrapper properties) + key: gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + restore-keys: gradle- + + #- name: Grant execute permission for Gradle wrapper + # run: chmod +x gradlew + + - name: Add gradle.properties + run: cp gradle.properties.template gradle.properties + + - name: Build with Gradle + run: ./gradlew build + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/gradle_build.yml b/.github/workflows/gradle_build.yml index fbd1bcb..d044821 100644 --- a/.github/workflows/gradle_build.yml +++ b/.github/workflows/gradle_build.yml @@ -1,7 +1,7 @@ # This workflow ensures the building step works # # @author Armin Schnabel -# @version 1.2.0 +# @version 1.3.0 # @since 1.1.4 name: Gradle Build @@ -30,9 +30,16 @@ jobs: distribution: 'temurin' java-version: '17' + - name: Cache Gradle dependencies + uses: actions/cache@v3 + with: + path: ~/.gradle/caches + # Only update cache on hash change (gradle build files and the wrapper properties) + key: gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + restore-keys: gradle- + - name: Add gradle.properties - run: | - cp gradle.properties.template gradle.properties + run: cp gradle.properties.template gradle.properties - name: Build with Gradle run: ./gradlew build diff --git a/.github/workflows/gradle_publish.yml b/.github/workflows/gradle_publish.yml index eb692a1..a16de87 100644 --- a/.github/workflows/gradle_publish.yml +++ b/.github/workflows/gradle_publish.yml @@ -1,7 +1,7 @@ # This workflow publishes a new version to the Github Registry. # # @author Armin Schnabel -# @version 1.2.0 +# @version 1.3.0 # @since 1.2.2 name: Gradle Publish @@ -28,6 +28,14 @@ jobs: distribution: 'temurin' java-version: '17' + - name: Cache Gradle dependencies + uses: actions/cache@v3 + with: + path: ~/.gradle/caches + # Only update cache on hash change (gradle build files and the wrapper properties) + key: gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + restore-keys: gradle- + - name: Add gradle.properties run: | # Use the repository's automatically set up token to publish to the registry @@ -37,8 +45,7 @@ jobs: # versionName is required to publish artifacts to Github Registry - name: Set versionName - run: | - sed -i "s/version = \"0.0.0\"/version = \"${{ github.ref_name }}\"/g" build.gradle + run: sed -i "s/version = \"0.0.0\"/version = \"${{ github.ref_name }}\"/g" build.gradle - name: Publish with Gradle run: ./gradlew publish