From 98c9eb2ec9e942d749dad823455da7d4caefae97 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Fri, 3 Oct 2025 11:49:36 -0400 Subject: [PATCH 01/14] Initial commit of codeql --- .github/workflows/codeql.yml | 90 ++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..127cef05 --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,90 @@ +name: "CodeQL Advanced" + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: actions + build-mode: none + - language: java-kotlin + build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. + - language: javascript-typescript + build-mode: none + # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. 
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Add any setup steps before running the `github/codeql-action/init` action. + # This includes steps like installing compilers or runtimes (`actions/setup-node` + # or others). This is typically only required for manual builds. + # - name: Setup runtime (example) + # uses: actions/setup-example@v1 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # â„šī¸ Command-line programs to run using the OS shell. 
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 6d1878a920ff6a4d53ceb0d84be31eb599d0222c Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 11:24:57 -0400 Subject: [PATCH 02/14] setting the build to auto --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 127cef05..5590531e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,9 +34,9 @@ jobs: - language: actions build-mode: none - language: java-kotlin - build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. + build-mode: autobuild # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. - language: javascript-typescript - build-mode: none + build-mode: autobuild # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' # Use `c-cpp` to analyze code written in C, C++ or both # Use 'java-kotlin' to analyze code written in Java, Kotlin or both From d2d838200be27905959e99e4a4d1be813820da60 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 11:27:08 -0400 Subject: [PATCH 03/14] setting the build to auto --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
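Review bot: Every `uses:` in this new workflow (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`) resolves a mutable tag, so the code that runs with `security-events: write` can change without any commit here; pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder), keeps the executed version reviewable. Later commits in this series pin `actions/checkout` and `actions/setup-java` to SHAs, so the file ends up mixing both styles in one job; pick one convention. The `if: matrix.build-mode == 'manual'` step is template text that only echoes instructions and exits 1, which is fine as a loud failure but must be replaced with real build commands before any language is switched to `manual`.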
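Review bot: `build-mode: autobuild` on the `javascript-typescript` matrix entry is, as far as I know, not an accepted value for that language — CodeQL supports only `none` for JavaScript/TypeScript — so that leg will fail at `init` rather than analyze anything. The comment kept on the `java-kotlin` line, `# This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.`, now contradicts the value beside it, since `autobuild` is exactly the mode it tells you to switch to; either drop it or rewrite it as `# autobuild traces the Java and Kotlin build`.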
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5590531e..31019a53 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: include: - language: actions build-mode: none - - language: java-kotlin + - language: java build-mode: autobuild # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. - language: javascript-typescript build-mode: autobuild From 2ad14a57910d81f9b23fc2fa94af0c3c95748db9 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 11:40:31 -0400 Subject: [PATCH 04/14] adding build steps --- .github/workflows/codeql.yml | 131 ++++++++++++++++++++++++++++++++++- 1 file changed, 129 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 31019a53..49cc72c3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,7 +9,7 @@ on: jobs: analyze: - name: Analyze (${{ matrix.language }}) + name: Analyze Java # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources @@ -34,7 +34,7 @@ jobs: - language: actions build-mode: none - language: java - build-mode: autobuild # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. + build-mode: manual # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. - language: javascript-typescript build-mode: autobuild # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' 
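Review bot: Hardcoding `name: Analyze Java` while the matrix in this commit still expands to three legs (`actions`, `java`, `javascript-typescript`) makes all three jobs appear under the same name in the checks UI, so a failing JavaScript leg reads as a Java failure; keep `name: Analyze (${{ matrix.language }})` until the other matrix entries are removed. The second hunk flips `java` to `build-mode: manual`, and at this commit the `if: matrix.build-mode == 'manual'` step is still the template's echo-and-`exit 1` placeholder, so the Java leg will fail by design until that step is replaced.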
@@ -56,6 +56,32 @@ jobs: # uses: actions/setup-example@v1 # Initializes the CodeQL tools for scanning. + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + fetch-depth: 0 # Important for versioning extension to work correctly + - name: Mustache Specs + run: | + git submodule update --init --recursive + - name: Set up JDK ${{ matrix.java_version }} + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 + with: + java-version: ${{ matrix.java_version }} + distribution: "temurin" + cache: maven + - name: Install + run: mvn clean install -DskipTests --batch-mode --no-transfer-progress + env: + BUILD_PORT: 0 + BUILD_SECURE_PORT: 0 + - name: Build + run: mvn clean package --batch-mode --no-transfer-progress + env: + BUILD_PORT: 0 + BUILD_SECURE_PORT: 0 + + - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: 
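Review bot: The Maven `Install` and `Build` steps added here run before `Initialize CodeQL`, so in `manual` build mode the CodeQL tracer is not active while `mvn` compiles and the database will contain no Java source (analyze then reports that no code was seen); the build has to sit between the `init` and `analyze` steps. `${{ matrix.java_version }}` is not defined in the matrix (only `language` and `build-mode` are), so `java-version:` expands to an empty string and `setup-java` will reject it. This hunk also adds a second checkout (`actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` with `fetch-depth: 0`) after the `actions/checkout@v4` step already at the top of the job; one checkout is enough, and whichever is kept should use the SHA-pinned form for consistency.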
@@ -88,3 +114,104 @@ jobs: uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" + + + analyze2: + name: Analyze Javascript + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: actions + build-mode: none + - language: javascript-typescript + build-mode: manual + # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Add any setup steps before running the `github/codeql-action/init` action. + # This includes steps like installing compilers or runtimes (`actions/setup-node` + # or others). This is typically only required for manual builds. + # - name: Setup runtime (example) + # uses: actions/setup-example@v1 + + # Initializes the CodeQL tools for scanning. 
+ + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + fetch-depth: 0 # Important for versioning extension to work correctly + - name: Mustache Specs + run: | + git submodule update --init --recursive + - name: Set up JDK ${{ matrix.javascript_version }} + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 + with: + java-version: ${{ matrix.javascript_version }} + distribution: "temurin" + cache: maven + - name: Install + run: mvn clean install -DskipTests --batch-mode --no-transfer-progress + env: + BUILD_PORT: 0 + BUILD_SECURE_PORT: 0 + - name: Build + run: mvn clean package --batch-mode --no-transfer-progress + env: + BUILD_PORT: 0 + BUILD_SECURE_PORT: 0 + + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # â„šī¸ Command-line programs to run using the OS shell. 
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" \ No newline at end of file From 34bc8d00d62a7a19a7de31a4232c0c72d6bdf0e4 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 11:47:22 -0400 Subject: [PATCH 05/14] removing not needed steps --- .github/workflows/codeql.yml | 32 ++++++-------------------------- 1 file changed, 6 insertions(+), 26 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 49cc72c3..bb4e0e85 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
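Review bot: The new `analyze2` job copies the Java build chain (`setup-java`, `mvn clean install`, `mvn clean package`) into a JavaScript/TypeScript analysis where it does nothing for the language being scanned, and it passes `${{ matrix.javascript_version }}` as a `java-version`, a matrix key that exists in neither job, so the step fails on an empty version. `build-mode: manual` is, as far as I know, not supported for `javascript-typescript` (only `none` is), so `init` will reject the leg before the copied steps matter. The job also duplicates the whole `permissions`/`strategy` boilerplate of `analyze` instead of being a second matrix entry there, and the file now ends without a trailing newline (`\ No newline at end of file`).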
@@ -31,20 +31,9 @@ jobs: fail-fast: false matrix: include: - - language: actions - build-mode: none - language: java build-mode: manual # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. - - language: javascript-typescript - build-mode: autobuild - # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: - name: Checkout repository uses: actions/checkout@v4 @@ -64,10 +53,10 @@ jobs: - name: Mustache Specs run: | git submodule update --init --recursive - - name: Set up JDK ${{ matrix.java_version }} + - name: Set up JDK 11 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 with: - java-version: ${{ matrix.java_version }} + java-version: 11 distribution: "temurin" cache: maven - name: Install 
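Review bot: `java-version: 11` on the `Set up JDK 11` step is a plain YAML integer; `setup-java` tolerates it, but version inputs are conventionally quoted (`java-version: '11'`) so that values such as `17.0` or `21-ea` are not retyped, and a later hunk in this series (`@@ -46,9 +46,15 @@`) already uses the quoted form. The first hunk of this patch leaves an empty added line (`+`) where the removed comment block sat under `include:`; drop it rather than leave a stray blank inside the mapping.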
@@ -134,18 +123,9 @@ jobs: fail-fast: false matrix: include: - - language: actions - build-mode: none - language: javascript-typescript build-mode: manual - # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: - name: Checkout repository uses: actions/checkout@v4 @@ -165,10 +145,10 @@ jobs: - name: Mustache Specs run: | git submodule update --init --recursive - - name: Set up JDK ${{ matrix.javascript_version }} + - name: Set up JDK 11 uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 with: - java-version: ${{ matrix.javascript_version }} + java-version: 11 distribution: "temurin" cache: maven - name: Install From cf44f71457f829350c883832e02b9650e9735cb6 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 11:52:07 -0400 Subject: [PATCH 06/14] working on the build --- .github/workflows/codeql.yml | 41 ++++++------------------------------ 1 file changed, 7 insertions(+), 34 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bb4e0e85..16bf04d0 100644 --- a/.github/workflows/codeql.yml 
+++ b/.github/workflows/codeql.yml @@ -97,7 +97,6 @@ jobs: 'your code, for example:' echo ' make bootstrap' echo ' make release' - exit 1 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 @@ -124,44 +123,19 @@ jobs: matrix: include: - language: javascript-typescript - build-mode: manual + build-mode: autobuild steps: - name: Checkout repository uses: actions/checkout@v4 - # Add any setup steps before running the `github/codeql-action/init` action. - # This includes steps like installing compilers or runtimes (`actions/setup-node` - # or others). This is typically only required for manual builds. - # - name: Setup runtime (example) - # uses: actions/setup-example@v1 - - # Initializes the CodeQL tools for scanning. - - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - fetch-depth: 0 # Important for versioning extension to work correctly - - name: Mustache Specs - run: | - git submodule update --init --recursive - - name: Set up JDK 11 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 - with: - java-version: 11 - distribution: "temurin" - cache: maven - - name: Install - run: mvn clean install -DskipTests --batch-mode --no-transfer-progress - env: - BUILD_PORT: 0 - BUILD_SECURE_PORT: 0 - - name: Build - run: mvn clean package --batch-mode --no-transfer-progress - env: - BUILD_PORT: 0 - BUILD_SECURE_PORT: 0 + # Add any setup steps before running the `github/codeql-action/init` action. + # This includes steps like installing compilers or runtimes (`actions/setup-node` + # or others). This is typically only required for manual builds. + # - name: Setup runtime (example) + # uses: actions/setup-example@v1 + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -189,7 +163,6 @@ jobs: 'your code, for example:' echo ' make bootstrap' echo ' make release' - exit 1 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 
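Review bot: Removing `exit 1` from the `if: matrix.build-mode == 'manual'` placeholder (first hunk, and again in `@@ -189,7 +163,6 @@`) turns a deliberate loud failure into a step that prints instructions and succeeds, so a `manual` leg now proceeds to `analyze` with nothing built and the scan silently covers no Java code. Keep the `exit 1` until real build commands replace the `echo` lines, or delete the step outright. In the second hunk, `build-mode: autobuild` for `javascript-typescript` is as far as I know not an accepted value (only `none` is), and the step still gated on `manual` in that job is now dead for every value of `build-mode`.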
From 917e2a3fe8d8d9f96bb57d3292da660bf8df5928 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 13:03:51 -0400 Subject: [PATCH 07/14] making JS to none build --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 16bf04d0..e5a69c99 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -123,7 +123,7 @@ jobs: matrix: include: - language: javascript-typescript - build-mode: autobuild + build-mode: none steps: - name: Checkout repository From c35940ea47ebce4168aa52616f2f2540b2359658 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 13:15:41 -0400 Subject: [PATCH 08/14] working on java builds --- .github/workflows/codeql.yml | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e5a69c99..d33e3fd7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: matrix: include: - language: java - build-mode: manual # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. + build-mode: autobuild # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. steps: - name: Checkout repository 
@@ -46,30 +46,9 @@ jobs: # Initializes the CodeQL tools for scanning. - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - fetch-depth: 0 # Important for versioning extension to work correctly - - name: Mustache Specs - run: | - git submodule update --init --recursive - - name: Set up JDK 11 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 - with: - java-version: 11 - distribution: "temurin" - cache: maven - - name: Install - run: mvn clean install -DskipTests --batch-mode --no-transfer-progress - env: - BUILD_PORT: 0 - BUILD_SECURE_PORT: 0 - - name: Build - run: mvn clean package --batch-mode --no-transfer-progress - env: - BUILD_PORT: 0 - BUILD_SECURE_PORT: 0 - + # Automatically attempts to build Java (Maven/Gradle) + - name: Autobuild + uses: github/codeql-action/autobuild@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v3 From 2273c36264e8be3774c58f6219eda5c43f67d015 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 13:17:54 -0400 Subject: [PATCH 09/14] maven build --- .github/workflows/codeql.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d33e3fd7..a6c43122 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,9 +46,15 @@ jobs: # Initializes the CodeQL tools for scanning. - # Automatically attempts to build Java (Maven/Gradle) - - name: Autobuild - uses: github/codeql-action/autobuild@v3 + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '11' # Specify the JDK version your project needs + distribution: 'temurin' + cache: maven - name: Initialize CodeQL uses: github/codeql-action/init@v3 
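Review bot: The `github/codeql-action/autobuild@v3` step is placed before `Initialize CodeQL`, but autobuild depends on the state that `init` writes and, as far as I know, fails when run first (and even if it did build, the compilation would be untraced). Move it between the `init` and `analyze` steps, where the template's manual-build placeholder already sits. The comment `# Initializes the CodeQL tools for scanning.` kept directly above it now describes the wrong step; move it back onto the `Initialize CodeQL` entry.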
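Review bot: The `Checkout repository` step added here duplicates the `actions/checkout@v4` step already at the top of the job; the second checkout re-clones the workspace for no benefit and should be dropped. `actions/setup-java@v4` also replaces the SHA-pinned `actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00` used earlier in this series with a mutable tag, which loses the pinning that was in place. Placing JDK setup before `init` is fine for toolchain installation, but the `mvn` command that uses it must still run after `init` for the build to be traced.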
@@ -71,11 +77,7 @@ jobs: - if: matrix.build-mode == 'manual' shell: bash run: | - echo 'If you are using a "manual" build mode for one or more of the' \ - 'languages you are analyzing, replace this with the commands to build' \ - 'your code, for example:' - echo ' make bootstrap' - echo ' make release' + mvn -B clean install -DskipTests - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From 0f62ac4ee9cf45ca3e45b6b4aa307b459a8460ce Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 13:19:23 -0400 Subject: [PATCH 10/14] manual maven build --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a6c43122..781bffd9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: matrix: include: - language: java - build-mode: autobuild # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. + build-mode: manual # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. steps: - name: Checkout repository From 27b7f3dd4be8d34c493c2e4a0706111fb9d58b63 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 13:21:23 -0400 Subject: [PATCH 11/14] changing fetch depth --- .github/workflows/codeql.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 781bffd9..bca1d81a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,6 +37,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + with: + fetch-depth: '0' # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` From 09015787ec611f943485481b6efffed4ee573ef9 Mon Sep 17 00:00:00 2001 
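Review bot: `mvn -B clean install -DskipTests` replaces the placeholder under `if: matrix.build-mode == 'manual'`, but in this commit the Java matrix entry still says `build-mode: autobuild`, so the step is skipped and this workflow builds nothing until the mode is flipped (the following patch does that). `-DskipTests` is appropriate since CodeQL only needs compilation; consider also `--no-transfer-progress`, which the earlier Maven steps used, to keep the log readable. The enclosing `run: |` block starts inside the hunk but the step's surrounding job definition is outside it.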
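Review bot: `fetch-depth: '0'` makes every CodeQL run clone the full history, and nothing in the job as it stands in this commit needs tags or history (the earlier pinned checkout that carried `# Important for versioning extension to work correctly` was removed in `@@ -46,30 +46,9 @@`). If a Maven versioning plugin does require it, say so in a comment on this line; otherwise the default shallow clone is faster and sufficient for analysis. The value is also a quoted string where the action documents an integer; `fetch-depth: 0` is the conventional form.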
From: Randall Wyatt Date: Mon, 6 Oct 2025 13:23:25 -0400 Subject: [PATCH 12/14] moving things around --- .github/workflows/codeql.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bca1d81a..d1c6c10d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,8 +61,7 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} + languages: java # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. From 20c02c7f9b4838cec8e90ef38df71eb83d661129 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Mon, 6 Oct 2025 13:35:02 -0400 Subject: [PATCH 13/14] moving the init to before the build --- .github/workflows/codeql.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d1c6c10d..e9c22693 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -48,15 +48,7 @@ jobs: # Initializes the CodeQL tools for scanning. - - name: Checkout repository - uses: actions/checkout@v4 - - name: Set up JDK - uses: actions/setup-java@v4 - with: - java-version: '11' # Specify the JDK version your project needs - distribution: 'temurin' - cache: maven - name: Initialize CodeQL uses: github/codeql-action/init@v3 
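Review bot: Replacing `languages: ${{ matrix.language }}` and `build-mode: ${{ matrix.build-mode }}` with a bare `languages: java` drops `build-mode` from `init` entirely while the matrix still declares `build-mode: manual` and the Maven step is still gated on `matrix.build-mode == 'manual'`; `init` now has to infer how the build happens (legacy tracing, as far as I know) instead of being told, and the matrix value survives only to drive that `if:`. Either restore the two expression lines, or remove `build-mode` from the matrix and the `if:` so the job has a single source of truth. `category: "/language:${{matrix.language}}"` further down still reads the matrix, so the matrix entry cannot simply be deleted without updating that line too.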
@@ -69,6 +61,13 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs queries: security-extended,security-and-quality + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '11' # Specify the JDK version your project needs + distribution: 'temurin' + cache: maven + # If the analyze step fails for one of the languages you are analyzing with # "We were unable to automatically build your code", modify the matrix above # to set the build mode to "manual" for that language. Then modify this step From 2d8d37ce536631f2acf36df810fbc75e4baa0cf1 Mon Sep 17 00:00:00 2001 From: Randall Wyatt Date: Thu, 9 Oct 2025 11:41:31 -0400 Subject: [PATCH 14/14] renaming the workflows per the team request --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e9c22693..016da757 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -8,7 +8,7 @@ on: jobs: - analyze: + analyze-java: name: Analyze Java # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql @@ -85,7 +85,7 @@ jobs: category: "/language:${{matrix.language}}" - analyze2: + analyze-js: name: Analyze Javascript runs-on: ubuntu-latest permissions:
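Review bot: `actions/setup-java@v4` is referenced by mutable tag while an earlier revision of this job pinned `actions/setup-java` to `c5195efecf7bdfc987ee8bae7a71cb8b11521c00`; a job that runs with `security-events: write` should pin third-party actions to a full commit SHA (tag in a trailing comment) so a retagged release cannot change what executes. The placement after `Initialize CodeQL` and before the `manual` Maven step is the right order for tracing. `# Specify the JDK version your project needs` is leftover template text; replace it with the actual reason for `'11'` (e.g. the version the POM targets) or drop it.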