From 22feae9a0cee4e3a38e7c3caa5e664765f8153d9 Mon Sep 17 00:00:00 2001 From: Aman Brar Date: Tue, 29 Dec 2020 20:25:57 -0500 Subject: [PATCH 1/3] added codeql security scan --- .github/workflows/codeql-analysis.yml | 46 +++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 000000000000..3a43986aed24 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,46 @@ +name: "Code Scanning - Action" + +on: + push: + branches: [master] + pull_request: + branches: [master] + workflow_dispatch: + schedule: + # ┌───────────── minute (0 - 59) + # │ ┌───────────── hour (0 - 23) + # │ │ ┌───────────── day of the month (1 - 31) + # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) + # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) + # │ │ │ │ │ + # │ │ │ │ │ + # │ │ │ │ │ + # * * * * * + - cron: '30 1 * * *' + +jobs: + CodeQL-Build: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: java + + # Build the code + - name: Setup Java 11 + uses: actions/setup-java@v1 + with: + java-version: 11 + + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # Perform Analysis + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From ad3819cac177258afcdd3bb01e56aab0b8d1e495 Mon Sep 17 00:00:00 2001 From: Aman Brar Date: Wed, 30 Dec 2020 15:57:32 -0500 Subject: [PATCH 2/3] only run daily cron and manual trigger --- .github/workflows/codeql-analysis.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3a43986aed24..990d30329a9c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,10 +1,6 @@ name: "Code Scanning - Action" on: - push: - branches: [master] - pull_request: - branches: [master] workflow_dispatch: schedule: # ┌───────────── minute (0 - 59) From 1936a87faee3966af0d7c11c7319381c8862488e Mon Sep 17 00:00:00 2001 From: Aman Brar Date: Wed, 30 Dec 2020 21:29:00 -0500 Subject: [PATCH 3/3] removed excess comments --- .github/workflows/codeql-analysis.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 990d30329a9c..288100e3c2c9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -3,15 +3,6 @@ name: "Code Scanning - Action" on: workflow_dispatch: schedule: - # ┌───────────── minute (0 - 59) - # │ ┌───────────── hour (0 - 23) - # │ │ ┌───────────── day of the month (1 - 31) - # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) - # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) - # │ │ │ │ │ - # │ │ │ │ │ - # │ │ │ │ │ - # * * * * * - cron: '30 1 * * *' jobs: @@ -22,13 +13,11 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: languages: java - # Build the code - name: Setup Java 11 uses: actions/setup-java@v1 with: @@ -37,6 +26,5 @@ jobs: - name: Autobuild uses: github/codeql-action/autobuild@v1 - # Perform Analysis - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1