# Analyzes the code using GitHub's default CodeQL query database.
# Identified issues are registered with GitHub's code scanning dashboard. When
# a pull request is analyzed, any offending lines are annotated. See
# https://codeql.github.com for details.
name: CodeQL analysis
on:
  pull_request:
  push:
    branches: [ master ]
  schedule:
    - cron: '0 4 * * 1'
permissions:
  contents: read
jobs:
  analyze:
    strategy:
      matrix:
        language: [ java, ruby ]
    permissions:
      contents: read
      security-events: write
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
        with:
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
        with:
          java-version: 17.0.8
          distribution: temurin
          cache: maven
      - name: Initialize CodeQL
        uses: github/codeql-action/init@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0
        with:
          languages: ${{ matrix.language }}
      - name: Perform minimal build
        if: matrix.language == 'java'
        run: mvn -T1C clean install -DskipTests -Dverification.skip
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0
        with:
          category: /language:${{ matrix.language }}