This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch feature/codeql-actions
in repository https://gitbox.apache.org/repos/asf/logging-parent.git

commit da92d99f909547767a03d44c145775917e26d4a9
Author: Piotr P. Karwasz <piotr.git...@karwasz.org>
AuthorDate: Mon Mar 10 09:49:10 2025 +0100

    Add CodeQL run for GitHub Actions
    
    CodeQL now supports analysis of GitHub Action scripts.
---
 .github/workflows/codeql-analysis-reusable.yaml    |  5 +--
 ...analysis-reusable.yaml => codeql-analysis.yaml} | 37 ++++++----------------
 src/changelog/.12.x.x/codeql_for_gha.xml           |  7 ++++
 3 files changed, 19 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/codeql-analysis-reusable.yaml 
b/.github/workflows/codeql-analysis-reusable.yaml
index 8d13de8..e2f1309 100644
--- a/.github/workflows/codeql-analysis-reusable.yaml
+++ b/.github/workflows/codeql-analysis-reusable.yaml
@@ -27,7 +27,7 @@ on:
       # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 
'kotlin', 'python', 'ruby' ]
       # Learn more about CodeQL language support at 
https://git.io/codeql-language-support
       language:
-        description:
+        description: Language used in the repository
         default: java
         type: string
 
@@ -45,7 +45,8 @@ jobs:
       - name: Initialize CodeQL
         uses: 
github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0    # 3.28.9
         with:
-          languages: ${{ inputs.language }}
+          # Also check GitHub Actions
+          languages: ${{ inputs.language }}, actions
 
       - name: Setup JDK
         uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12   # 
4.7.0
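Review bot: `languages: ${{ inputs.language }}, actions` appends `actions` unconditionally, so a caller of this reusable workflow that already passes `actions` (or a list containing it) ends up with the value twice. Whether the init step tolerates a duplicate entry is not visible here, so this should be checked. The input description added in the first hunk does not tell callers about the appended language; I would make it `description: Language used in the repository ('actions' is always analyzed in addition)`. The comment above the input also still lists the supported languages without `actions`. The steps after "Initialize CodeQL" continue outside the hunk.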
diff --git a/.github/workflows/codeql-analysis-reusable.yaml 
b/.github/workflows/codeql-analysis.yaml
similarity index 59%
copy from .github/workflows/codeql-analysis-reusable.yaml
copy to .github/workflows/codeql-analysis.yaml
index 8d13de8..bfe5ecc 100644
--- a/.github/workflows/codeql-analysis-reusable.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -15,21 +15,17 @@
 # limitations under the License.
 #
 
+##
+# Perform CodeQL analysis of GitHub Actions
 name: codeql-analysis
 
 on:
-  workflow_call:
-    inputs:
-      java-version:
-        description: The Java compiler version
-        default: 17
-        type: string
-      # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 
'kotlin', 'python', 'ruby' ]
-      # Learn more about CodeQL language support at 
https://git.io/codeql-language-support
-      language:
-        description:
-        default: java
-        type: string
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '32 12 * * 5'
 
 jobs:
 
@@ -45,22 +41,7 @@ jobs:
       - name: Initialize CodeQL
         uses: 
github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0    # 3.28.9
         with:
-          languages: ${{ inputs.language }}
-
-      - name: Setup JDK
-        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12   # 
4.7.0
-        with:
-          distribution: zulu
-          java-version: ${{ inputs.java-version }}
-          cache: maven
-
-      - name: Build with Maven
-        shell: bash
-        run: |
-          ./mvnw \
-          --show-version --batch-mode --errors --no-transfer-progress \
-          -DskipTests \
-          clean verify
+          languages: actions
 
       - name: Perform CodeQL Analysis
         uses: 
github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0    # 
3.28.9
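Review bot: No `permissions:` is visible for the job that runs `github/codeql-action/init` and `analyze` in this new workflow. The previous hunk shows the file from the license header through `jobs:` with no top-level key, but the job header lies outside both hunks, so the job-level part is an inference. The file it was copied from was a `workflow_call` workflow whose token scope came from the caller. This copy is triggered directly by `push`, `pull_request` and `schedule`, so without an explicit block it runs with the repository's default `GITHUB_TOKEN` permissions. If the job does not already declare them, I would set a top-level `permissions: {}` and grant the job only what the SARIF upload needs, as sketched below (private repositories also need `actions: read`).

```yaml
permissions: {}

jobs:
  # … unchanged: job id and runner (outside the hunk) …
    permissions:
      contents: read
      security-events: write
  # … unchanged: checkout, Initialize CodeQL, Perform CodeQL Analysis …
```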
diff --git a/src/changelog/.12.x.x/codeql_for_gha.xml 
b/src/changelog/.12.x.x/codeql_for_gha.xml
new file mode 100644
index 0000000..d38e189
--- /dev/null
+++ b/src/changelog/.12.x.x/codeql_for_gha.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+       xmlns="https://logging.apache.org/xml/ns";
+       xsi:schemaLocation="https://logging.apache.org/xml/ns 
https://logging.apache.org/xml/ns/log4j-changelog-0.xsd";
+       type="changed">
+  <description format="asciidoc">Add "GitHub Actions" to the list of languages 
analyzed by CodeQL.</description>
+</entry>
