[ISSUE #4737] Separate codeql workflow (#4740)

* Add GRADLE_ENTERPRISE_ACCESS_KEY to a couple of Gradle builds missing it * Update to most recent Gradle Enterprise Gradle Plugin * Move CodeQL verification to its own worfklow * Rename CodeQL workflow to "Analyze" * Rename "Build" workflow to "Docker" * Restore the language matrix with 'java' as the only language in ci workflow * Return the cpp/csharp language step in ci workflow * Rename CodeQL job to "Analyze" rather than "Build"
apache · Jan 14, 2024 · 8c60e3e · 8c60e3e
1 parent 248be85
commit 8c60e3e
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 15 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -33,22 +33,13 @@ jobs:
       matrix:
         os: [ ubuntu-latest, macOS-latest ]
         java: [ 8, 11 ]
-        language: ['java', 'go']
+        language: ['java']
     runs-on: ${{ matrix.os }}
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-          languages: ${{ matrix.language }}
-
       - if: matrix.language == 'cpp' || matrix.language == 'csharp'
         name: Build C
         run: |
@@ -67,6 +58,8 @@ jobs:
 
       - name: GenerateGrammarSource
         run: ./gradlew clean generateGrammarSource --parallel --daemon
+        env:
+          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
 
       - name: Set up JDK ${{ matrix.java }}
         uses: actions/setup-java@v3
@@ -85,9 +78,6 @@ jobs:
         env:
           GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
 
-      - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@v2
-
       - name: Upload coverage report to codecov.io
         run: bash <(curl -s https://codecov.io/bash) || echo 'Failed to upload coverage report!'
 
@@ -107,3 +97,5 @@ jobs:
       - name: Check third party dependencies
         run: |
           ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar && sh tools/dependency-check/check-dependencies.sh && echo "Thirty party dependencies check success"
+        env:
+          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,69 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+    name: Analyze
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['java', 'go']
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+          languages: ${{ matrix.language }}
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+        if: matrix.language == 'java'
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: 11
+        if: matrix.language == 'java'
+
+      # https://docs.gradle.org/current/userguide/performance.html
+      - name: Build
+        run: ./gradlew clean assemble compileTestJava --no-build-cache --parallel --daemon
+        env:
+          GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+        if: matrix.language == 'java'
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/build.yaml → .github/workflows/docker.yaml b/.github/workflows/build.yaml → .github/workflows/docker.yaml
@@ -16,7 +16,7 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-name: Build
+name: Docker
 on:
   release:
     types: [released]

diff --git a/settings.gradle b/settings.gradle
@@ -16,7 +16,7 @@
  */
 
 plugins {
-    id 'com.gradle.enterprise' version '3.15.1'
+    id 'com.gradle.enterprise' version '3.16.1'
     id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.12.1'
 }