Updated GitHub workflows

anchit-choudhry · Jun 9, 2024 · 234ce2c · 234ce2c
1 parent 3f4134f
commit 234ce2c
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 29 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,3 +1,4 @@
+---
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
@@ -30,50 +31,62 @@ on:
     - cron: "42 20 * * 3"
 
 jobs:
-  CodeQL-Build:
-    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
-    runs-on: ubuntu-latest
-
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == "swift" && "macos-latest") || "ubuntu-latest" }}
+    timeout-minutes: ${{ (matrix.language == "swift" && 120) || 360 }}
     permissions:
-      # required for all workflows
+      actions: read
+      contents: read
       security-events: write
 
-      # only required for workflows in private repositories
-      # actions: read
-      # contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ "java" ]
+        # CodeQL supports [ "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "swift" ]
+        # Use only "java" to analyze code written in Java, Kotlin or both
+        # Use only "javascript" to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
-      
+        uses: actions/checkout@v4.1.6
+
       # Setup JDK
-      - uses: actions/setup-java@v4
+      - uses: actions/setup-java@v4.2.1
         with:
           distribution: temurin
-          java-version: 17
+          java-version: 21
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        # Override language selection by uncommenting this and choosing your languages
-        # with:
-        #   languages: go, javascript, csharp, python, cpp, java
+        uses: github/codeql-action/init@v3.25.8
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below).
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+      # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v3.25.8
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following
-      #    three lines and modify them (or add more) to build your code if your
-      #    project uses a compiled language
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-      #- run: |
-      #     make bootstrap
-      #     make release
+      # - run: |
+      #     echo "Run, Build Application using script"
+      #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v3.25.8
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -8,7 +8,7 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
-name: 'Dependency review'
+name: "Dependency review"
 on:
   pull_request:
     branches: [ "main" ]
@@ -28,9 +28,9 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout repository'
+      - name: "Checkout repository"
         uses: actions/checkout@v4.1.6
-      - name: 'Dependency Review'
+      - name: "Dependency Review"
         uses: actions/dependency-review-action@v4.3.3
         # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
         with: