codeql.yml

name: "Discover vulnerabilities with CodeQL"
on:
  push:
    branches: ["master"]
    paths:
      - "**/*.java"
      - "**/*.js"
  pull_request:
    branches: ["master"]
    paths:
      - "**/*.java"
      - "**/*.js"
  schedule:
    - cron: "0 0 * * 1"

jobs:
  analyze:
    runs-on: "ubuntu-latest"
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["java", "javascript"]
    steps:
      - name: Setup Maven
        uses: s4u/setup-maven-action@v1.16.0
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
      - name: Compile with autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"