PIMOB:2284: Added codeql anaylysis #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| types: [ opened, synchronize, reopened ] | |
| branches: [ "main", "bugfix/*", "feature/*", "release/*" ] | |
| paths: | |
| - 'cardmanagement/**' | |
| - 'cardnetwork/**' | |
| - 'build.gradle' | |
| - 'settings.gradle' | |
| schedule: | |
| - cron: '34 2 * * 0' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| analyze: | |
| name: Code Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'java-kotlin' ] | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - name: Set up JDK 11 and 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: | | |
| 11 | |
| 17 | |
| cache: gradle | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| queries: security-and-quality | |
| - name: Set git user details | |
| run: | | |
| echo "https://$USERNAME:[email protected]" >> $HOME/.git-credentials | |
| git config --global credential.helper store | |
| git config --global user.name ${USERNAME} | |
| env: | |
| USERNAME: ${{ secrets.CKO_MOBILE_TEAM_USERNAME }} | |
| PAT: ${{ secrets.CKO_MOBILE_TEAM_TOKEN }} | |
| - name: Download and Build Dependency Sian | |
| run: | | |
| # Set the path to clone Levant repository | |
| SIAN_PATH="${RUNNER_TEMP}/dependency-sian" | |
| # Clone the Levant repository using the PAT | |
| git clone https://$USERNAME:[email protected]/cko-mobile/Levant-Android.git ${SIAN_PATH} | |
| # Change directory to the cloned repository | |
| cd ${SIAN_PATH} | |
| # Build AAR and publish to local Maven | |
| ./gradlew :sian:assemble | |
| # AAR file is generated in aar directory | |
| cp ./build/outputs/aar/libs/sian-release.aar $GITHUB_WORKSPACE/cardnetwork/sian-release.aar | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Cache Gradle and wrapper | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} | |
| # - name: Cache checkout-sdk-card-network-android.aar | |
| # id: cache-checkout-sdk-card-network-android-aar | |
| # uses: actions/cache@v3 | |
| # with: | |
| # path: ./cardnetwork/ | |
| # key: ${{ runner.os }}-cache-checkout-sdk-card-network-android | |
| # | |
| # - name: Download checkout-sdk-card-network-android.aar from s3 bucket | |
| # # if there is no cache hit, download the aar from s3 bucket | |
| # if: steps.cache-checkout-sdk-card-network-android-aar.outputs.cache-hit != 'true' | |
| # run: aws s3api get-object --bucket cko-mobile-s3 --key checkout-sdk-card-network-android.aar ./cardnetwork/checkout-sdk-card-network-android.aar | |
| - name: Build Assemble cardmanagement | |
| run: ./gradlew :cardmanagement:assembleDebug | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 |