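# Static analysis workflow: runs CodeQL and mobsfscan over the Android/Gradle
# project and publishes both result sets to the repository's code-scanning tab.
name: Code quality analysis

on:
  push:
    branches:
      - main
      - 'renovate/**'
  schedule:
    # Weekly run (Wednesday 07:31 UTC) so the scheduled scan picks up new
    # CodeQL queries/tool releases even when the branch is idle.
    - cron: '31 7 * * 3'
  workflow_dispatch:

# One analysis per workflow+ref; a newer run on the same ref queues behind it
# (no cancel-in-progress, so an in-flight scan still completes and uploads).
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}

# Least-privilege token for both jobs: read the source, write SARIF results.
permissions:
  contents: read
  security-events: write

jobs:
  codeql:
    name: CodeQL
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the tag each SHA was taken from.
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Set up JDK
        uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
        with:
          distribution: temurin
          # Quoted so the version is passed as a string, not an integer.
          java-version: '21'

      - name: Setup Gradle caching
        uses: gradle/gradle-build-action@87a9a15658c426a54dd469d4fc7dc1a73ca9d4a6 # v2.10.0
        with:
          gradle-home-cache-cleanup: true
          # This job must not repopulate the shared cache; it only reads it.
          cache-read-only: true

      - name: Initialize CodeQL
        uses: github/codeql-action/init@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9
        with:
          languages: java
          tools: latest
          # Default query pack plus the broader security-extended suite.
          queries: +security-extended

      # Java requires a real build so CodeQL can trace compilation.
      - name: Build project
        shell: bash
        run: |
          ./gradlew assembleDebug assembleRelease

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9
        with:
          category: "/language:java"

  mobsfscan:
    name: MobSF
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      # NOTE(review): mobsfscan scans sources directly; nothing below invokes
      # Gradle, so the JDK and Gradle-cache steps look unused here — confirm
      # before removing them.
      - name: Set up JDK
        uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
        with:
          distribution: temurin
          java-version: '21'

      - name: Setup Gradle caching
        uses: gradle/gradle-build-action@87a9a15658c426a54dd469d4fc7dc1a73ca9d4a6 # v2.10.0
        with:
          gradle-home-cache-cleanup: true
          cache-read-only: true

      - name: Setup python
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
        with:
          # Quoted: a plain 3.8 is parsed as a float, and e.g. 3.10 would
          # silently become 3.1.
          python-version: '3.8'

      # This pin has no tag comment; record the release this SHA was taken from
      # so the pin can be audited like the others.
      - name: Run mobsfscan
        uses: MobSF/mobsfscan@b8503e0027d134f55cc3306582efbbbeaa96c7ba # TODO: <tag for this commit>
        with:
          # `|| true` keeps the step green when the scanner reports findings
          # (or exits non-zero for any other reason); the findings surface via
          # the SARIF upload below rather than by failing this job.
          args: . --sarif --output results.sarif || true

      - name: Upload mobsfscan report
        uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9
        with:
          sarif_file: results.sarif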