Files
starter-workflows/code-scanning/pmd.yml
T

43 lines
1.2 KiB
YAML
Raw Normal View History

2021-10-27 15:35:18 -04:00
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: pmd
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
2022-02-10 18:08:47 +01:00
branches: [ $default-branch ]
2021-10-27 15:35:18 -04:00
schedule:
- cron: $cron-weekly
2022-02-17 08:57:59 +05:30
permissions:
contents: read
2021-10-27 15:35:18 -04:00
jobs:
2021-12-01 15:50:22 -05:00
pmd-code-scan:
2022-02-17 08:57:59 +05:30
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
2021-10-27 15:35:18 -04:00
runs-on: ubuntu-latest
steps:
2022-03-28 13:10:48 -04:00
- uses: actions/checkout@v3
2021-12-01 15:50:22 -05:00
- name: Set up JDK 11
2022-03-28 13:10:48 -04:00
uses: actions/setup-java@v3
2021-10-27 15:35:18 -04:00
with:
2021-12-01 15:50:22 -05:00
java-version: '11'
2021-12-20 11:44:55 +01:00
distribution: 'temurin'
2021-12-01 15:50:22 -05:00
- name: Run PMD
id: pmd
2022-02-10 18:08:47 +01:00
uses: pmd/pmd-github-action@967a81f8b657c87f7c3e96b62301cb1a48efef29
2021-10-27 15:35:18 -04:00
with:
2021-12-01 15:50:22 -05:00
rulesets: 'rulesets/java/quickstart.xml'
sourcePath: 'src/main/java'
2022-02-10 18:08:47 +01:00
analyzeModifiedFilesOnly: false
2021-12-01 15:50:22 -05:00
- name: Upload SARIF file
2022-03-31 08:24:35 -04:00
uses: github/codeql-action/upload-sarif@v2
2021-10-27 15:35:18 -04:00
with:
2021-12-01 15:50:22 -05:00
sarif_file: pmd-report.sarif