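# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Runs PMD static analysis over the Java sources and uploads the findings
# to GitHub code scanning as a SARIF report.
name: pmd

# $default-branch, $protected-branches and $cron-weekly are starter-workflow
# placeholders; they are substituted when the template is added to a
# repository. The flow-style lists are kept as-is so the substituted text
# still lands inside a sequence.
on:
  push:
    branches: [ $default-branch, $protected-branches ]
  pull_request:
    branches: [ $default-branch ]
  schedule:
    - cron: $cron-weekly

# Workflow-wide default for the GITHUB_TOKEN: read-only repository contents.
# Jobs must opt in to anything broader.
permissions:
  contents: read

jobs:
  pmd-code-scan:
    # Job-level permissions replace the workflow default, so every scope the
    # job needs is listed here and nothing else is granted.
    permissions:
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/upload-sarif to upload SARIF results
      security-events: write
      # only required for a private repository by
      # github/codeql-action/upload-sarif to get the Action run status
      actions: read
    runs-on: ubuntu-latest
    steps:
      # GitHub-owned actions are referenced by major-version tag here. A tag
      # can be moved by the action's maintainers; pin to a full commit SHA
      # if the repository's policy requires immutable references.
      - uses: actions/checkout@v4
        with:
          # No later step talks to the git remote, so do not leave the
          # token in the checked-out repository's git config where the
          # following steps could read it.
          persist-credentials: false
      - name: Set up JDK 11
        uses: actions/setup-java@v4
        with:
          # Quoted so the version is passed as a string, not a number.
          java-version: '11'
          distribution: 'temurin'
      - name: Run PMD
        id: pmd
        # Third-party action: pinned to a full commit SHA so the code that
        # runs cannot change without an edit to this file.
        uses: pmd/pmd-github-action@967a81f8b657c87f7c3e96b62301cb1a48efef29
        with:
          rulesets: 'rulesets/java/quickstart.xml'
          sourcePath: 'src/main/java'
          # false: analyze the whole sourcePath on every run instead of
          # only the files touched by the push or pull request.
          analyzeModifiedFilesOnly: false
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          # Report expected to be written by the "Run PMD" step above.
          sarif_file: pmd-report.sarif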