Skip to content

chore(deps): bump bazel_skylib #438

chore(deps): bump bazel_skylib

chore(deps): bump bazel_skylib #438

Workflow file for this run

name: CodeQL
# Declare default permissions as read only.
permissions: read-all
on:
pull_request:
branches: [main]
push:
branches:
- main
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
security-events: write
strategy:
matrix:
language: ["java-kotlin"]
steps:
- uses: bazel-contrib/[email protected]
with:
# Avoid downloading Bazel every time.
bazelisk-cache: true
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: manual
- name: Build java
# Note: Bazel requires specific args to do the build with a little caching as possible. Kind of the anthesis of Bazel's philosophy,
# But codeql wants to observe all the compilation.
# See also: https://docs.github.com/en/enterprise-cloud@latest/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#specifying-build-commands
run: |
bazel build --spawn_strategy=local --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results //src/main/java/build/buildfarm:buildfarm-server //src/main/java/build/buildfarm:buildfarm-shard-worker
bazel shutdown
- uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"