Add CodeQL analysis

Signed-off-by: litebito <3867999+litebito@users.noreply.github.com>
This commit is contained in:
litebito 2026-04-26 00:09:26 +02:00 committed by GitHub
parent d1c9b2b79d
commit f0fc4c9cb0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

55
.github/workflows/codeql.yml vendored Normal file
View file

@ -0,0 +1,55 @@
name: "CodeQL"
on:
push:
branches: [ 'main' ]
paths-ignore:
- "**.md"
- "*.txt"
- ".github/**"
pull_request:
branches: [ 'main' ]
paths-ignore:
- "**.md"
- "*.txt"
- ".github/**"
schedule:
- cron: '0 19 * * 6'
jobs:
analyze:
name: Analyze
runs-on: [self-hosted, linux, x64, repo-airsonic-pulse]
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript', 'java' ]
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Setup Java
uses: actions/setup-java@v5
with:
java-version: 21
distribution: 'temurin'
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- if: matrix.language == 'java'
name: Build
run: mvn package -DskipTests -Dcheckstyle.skip=true
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"