# Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. name: "CodeQL" on: push: branches: - 'dev' pull_request: branches: - 'dev' concurrency: group: codeql-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: analyze: if: (github.event_name == 'schedule' && github.repository == 'apache/dolphinscheduler') || (github.event_name != 'schedule') name: Analyze runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v3 with: submodules: true - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: java queries: +security-and-quality - run: | ./mvnw -B clean install \ -Dmaven.test.skip \ -Dmaven.javadoc.skip \ -Dspotless.skip=true \ -Prelease - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2