enso/.github/workflows/codeql-analysis.yml

name: "CodeQL"

# CodeQL is temporarily disabled because it seems that it is unable to discover
# code compiled with SBT.
on:
  push:
    branches-ignore:
      - "**"
  #    branches:
  #      - main
  #      - "release/*"
  pull_request:
    branches-ignore:
      - "**"
#    branches:
#      - "*"

env:
  # Please ensure that this is in sync with graalVersion in build.sbt
  graalVersion: 20.2.0
  # Please ensure that this is in sync with javaVersion in build.sbt
  javaVersion: 11
  # Please ensure that this is in sync with project/build.properties
  sbtVersion: 1.4.1
  # Please ensure that this is in sync with rustVersion in build.sbt
  rustToolchain: nightly-2019-11-04

jobs:
  vuln-scan:
    name: Vulnerability Scan
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          # We must fetch at least the immediate parents so that if this is
          # a pull request then we can checkout the head.
          fetch-depth: 2

      # If this run was triggered by a pull request event, then checkout
      # the head of the pull request instead of the merge commit.
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: java

      # Set Up Environment
      - name: Install Rust
        uses: actions-rs/toolchain@v1.0.6
        with:
          toolchain: ${{ env.rustToolchain }}
          override: true
      - name: Setup conda
        uses: s-weigand/setup-conda@v1.0.5
        with:
          update-conda: false
          conda-channels: anaconda, conda-forge
      - name: Install FlatBuffers Compiler
        run: conda install --freeze-installed flatbuffers=1.12.0
      - name: Setup GraalVM Environment
        uses: ayltai/setup-graalvm@v1
        with:
          graalvm-version: ${{ env.graalVersion }}
          java-version: ${{ env.javaVersion }}
      - name: Set Up SBT
        run: |
          curl --retry 4 --retry-connrefused -fsSL -o sbt.tgz https://github.com/sbt/sbt/releases/download/v${{env.sbtVersion}}/sbt-${{env.sbtVersion}}.tgz
          tar -xzf sbt.tgz
          echo $GITHUB_WORKSPACE/sbt/bin/ >> $GITHUB_PATH

      # Caches
      - name: Cache SBT
        uses: actions/cache@v2
        with:
          path: |
            ~/.sbt
            ~/.ivy2/cache
            ~/.cache
          key: ${{ runner.os }}-sbt-${{ hashFiles('**build.sbt') }}
          restore-keys: ${{ runner.os }}-sbt-

      # Build
      - name: Bootstrap Enso project
        run: sbt --no-colors bootstrap
      - name: Build Enso
        run: sbt --no-colors compile

      # Analyse the Code
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00			`name: "CodeQL"`

Bump SBT and Scalafmt (#1203) Co-authored-by: Radosław Waśko <radoslaw.wasko@enso.org> Co-authored-by: Dmitry Bushev <bushevdv@gmail.com> 2020-10-22 17:12:28 +03:00			`# CodeQL is temporarily disabled because it seems that it is unable to discover`
			`# code compiled with SBT.`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00			`on:`
Update scalafmt to 2.6.1 (#961) 2020-07-02 18:23:34 +03:00			`push:`
Bump SBT and Scalafmt (#1203) Co-authored-by: Radosław Waśko <radoslaw.wasko@enso.org> Co-authored-by: Dmitry Bushev <bushevdv@gmail.com> 2020-10-22 17:12:28 +03:00			`branches-ignore:`
			`- "**"`
			`# branches:`
			`# - main`
			`# - "release/*"`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00			`pull_request:`
Bump SBT and Scalafmt (#1203) Co-authored-by: Radosław Waśko <radoslaw.wasko@enso.org> Co-authored-by: Dmitry Bushev <bushevdv@gmail.com> 2020-10-22 17:12:28 +03:00			`branches-ignore:`
			`- "**"`
			`# branches:`
			`# - "*"`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
			`env:`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`# Please ensure that this is in sync with graalVersion in build.sbt`
Bump GraalVM Version to 20.2.0 (#1094) 2020-08-28 14:03:09 +03:00			`graalVersion: 20.2.0`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`# Please ensure that this is in sync with javaVersion in build.sbt`
			`javaVersion: 11`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00			`# Please ensure that this is in sync with project/build.properties`
Bump SBT and Scalafmt (#1203) Co-authored-by: Radosław Waśko <radoslaw.wasko@enso.org> Co-authored-by: Dmitry Bushev <bushevdv@gmail.com> 2020-10-22 17:12:28 +03:00			`sbtVersion: 1.4.1`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`# Please ensure that this is in sync with rustVersion in build.sbt`
Integrate the Scala AST Generation with SBT (#1047) 2020-08-03 17:00:12 +03:00			`rustToolchain: nightly-2019-11-04`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
			`jobs:`
			`vuln-scan:`
			`name: Vulnerability Scan`
			`runs-on: ubuntu-latest`

			`steps:`
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`- name: Checkout repository`
			`uses: actions/checkout@v2`
			`with:`
			`# We must fetch at least the immediate parents so that if this is`
			`# a pull request then we can checkout the head.`
			`fetch-depth: 2`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`# If this run was triggered by a pull request event, then checkout`
			`# the head of the pull request instead of the merge commit.`
			`- run: git checkout HEAD^2`
			`if: ${{ github.event_name == 'pull_request' }}`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`# Initializes the CodeQL tools for scanning.`
			`- name: Initialize CodeQL`
			`uses: github/codeql-action/init@v1`
			`with:`
			`languages: java`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`# Set Up Environment`
Integrate the Scala AST Generation with SBT (#1047) 2020-08-03 17:00:12 +03:00			`- name: Install Rust`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`uses: actions-rs/toolchain@v1.0.6`
Integrate the Scala AST Generation with SBT (#1047) 2020-08-03 17:00:12 +03:00			`with:`
			`toolchain: ${{ env.rustToolchain }}`
			`override: true`
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`- name: Setup conda`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`uses: s-weigand/setup-conda@v1.0.5`
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`with:`
			`update-conda: false`
			`conda-channels: anaconda, conda-forge`
			`- name: Install FlatBuffers Compiler`
			`run: conda install --freeze-installed flatbuffers=1.12.0`
			`- name: Setup GraalVM Environment`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`uses: ayltai/setup-graalvm@v1`
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`with:`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`graalvm-version: ${{ env.graalVersion }}`
			`java-version: ${{ env.javaVersion }}`
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`- name: Set Up SBT`
			`run: \|`
Change sbt links to direct GitHub releases links (#1176) 2020-10-01 12:37:46 +03:00			`curl --retry 4 --retry-connrefused -fsSL -o sbt.tgz https://github.com/sbt/sbt/releases/download/v${{env.sbtVersion}}/sbt-${{env.sbtVersion}}.tgz`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00			`tar -xzf sbt.tgz`
Use Environment Files in Actions (#1218) Updates and/or pins versions of some of the GitHub Actions that we use. 2020-10-21 17:48:05 +03:00			`echo $GITHUB_WORKSPACE/sbt/bin/ >> $GITHUB_PATH`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`# Caches`
			`- name: Cache SBT`
			`uses: actions/cache@v2`
			`with:`
			`path: \|`
			`~/.sbt`
			`~/.ivy2/cache`
			`~/.cache`
			`key: ${{ runner.os }}-sbt-${{ hashFiles('**build.sbt') }}`
			`restore-keys: ${{ runner.os }}-sbt-`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`# Build`
			`- name: Bootstrap Enso project`
			`run: sbt --no-colors bootstrap`
			`- name: Build Enso`
			`run: sbt --no-colors compile`
Enable CodeQL analysis for Java (#956) 2020-07-01 18:17:24 +03:00
Add a markdown style guide (#1022) 2020-07-21 15:59:40 +03:00			`# Analyse the Code`
			`- name: Perform CodeQL Analysis`
			`uses: github/codeql-action/analyze@v1`