compose-lobsters/.github/workflows/code_quality_analysis.yml

67 lines
1.7 KiB
YAML

name: Code quality analysis
on:
push:
branches:
- main
- renovate/**
schedule:
- cron: '31 7 * * 3'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
security-events: write
jobs:
codeql:
name: CodeQL
runs-on: macos-14
steps:
- name: Setup build environment
uses: msfjarvis/compose-lobsters/.github/reusable-workflows/setup-gradle@main
with:
fetch-depth: 0
cache-read-only: true
- name: Initialize CodeQL
uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
with:
languages: java
tools: latest
queries: +security-extended
- name: Build project
shell: bash
run: |
./gradlew assembleDebug assembleInternal
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
with:
category: "/language:java"
mobsfscan:
name: MobSF
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Setup python
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
with:
python-version: 3.8
- name: Run mobsfscan
uses: MobSF/mobsfscan@25184ed98afa315d90f982d10a44e42c065dcebe
with:
args: . --sarif --output results.sarif || true
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
with:
sarif_file: results.sarif