.github/workflows/codeql.yml

name: "CodeQL Scan"

on:
  workflow_dispatch:
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
    branches: 
    - main
    - features/automatic-update
  push:
    branches:
    - main
    - features/automatic-update
#Twice a month at 5:00 AM too.
  schedule:
    - cron: '0 5 1,15 * *'
    
jobs:
  analyze:
    name: Analyze
    runs-on: [ 'ubuntu-latest' ]
    timeout-minutes: 360
    permissions:
      # required for all workflows
      security-events: write

      # only required for workflows in private repositories
      actions: read
      contents: read

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - uses: actions/setup-java@v4
      with:
        distribution: 'zulu'
        java-version: '20'

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: 'java-kotlin'
        queries: security-extended,security-and-quality

    - name: Invoke Gradle
      run: |
        chmod +x gradlew 
        ./gradlew --console plain clean build -x test
        
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:java-kotlin"