integrate code ql steps into check job

StanfordSpezi · May 30, 2024 · e54415b · e54415b
1 parent 7f1a401
commit e54415b
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -28,9 +28,16 @@ jobs:
           detekt_config: internal/detekt-config.yml
 
   check:
-    name: Build and test
+    name: Build, test and analyze
     runs-on: ubuntu-latest
     needs: detekt
+    timeout-minutes: 120
+    permissions: # needed for CodeQL steps
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
     steps:
       - name: Checkout code
         uses: actions/[email protected]
@@ -44,3 +51,15 @@ jobs:
 
       - name: Build and test
         run: chmod +x ./gradlew && ./gradlew build
+
+      # CodeQL needs project build!
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: java-kotlin
+          build-mode: manual
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:java-kotlin"