Bump step-security/harden-runner from 2.9.1 to 2.10.1 #299
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CodeQL security analysis for Java | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| schedule: | |
| - cron: '42 1 * * 2' | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: compiling and security scanning | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 360 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Set up with Java 21 | |
| uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 21 | |
| cache: 'maven' | |
| - name: Initialize CodeQL for security scanning | |
| uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 | |
| with: | |
| languages: 'java-kotlin' | |
| - name: Compile Java source code with Maven | |
| run: mvn -B compile --file pom.xml | |
| # unit tests are not run as part of this workflow, since they are not required for the CodeQL security analysis | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 | |
| with: | |
| category: "/language:java-kotlin" | |