From 09618f8d43e8f88941c566264d97d4612e50fe39 Mon Sep 17 00:00:00 2001 From: Nicklas Lundin Date: Mon, 16 Feb 2026 09:29:58 +0100 Subject: [PATCH 1/5] ci: add CodeQL workflow with manual Java build Co-Authored-By: Claude Opus 4.6 --- .github/workflows/codeql.yml | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..204b0d5b --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,39 @@ +name: CodeQL + +on: + push: + branches: [main] + pull_request: + schedule: + - cron: "25 7 * * 3" + +permissions: + contents: read + security-events: write + +jobs: + analyze: + name: Analyze Java + runs-on: ubuntu-24.04-arm + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 17 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: java-kotlin + build-mode: manual + + - name: Build Java provider + run: mvn -B compile -f openfeature-provider/java/pom.xml + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 From c8eb9b0e7a5d66c8636f926f76a64b232fa46049 Mon Sep 17 00:00:00 2001 From: Nicklas Lundin Date: Mon, 16 Feb 2026 09:32:21 +0100 Subject: [PATCH 2/5] fix(ci): upgrade codeql-action to v4 Co-Authored-By: Claude Opus 4.6 --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 204b0d5b..7f70a29d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: java-version: 17 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: java-kotlin build-mode: manual 
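Review bot: In the new `.github/workflows/codeql.yml` from PATCH 1/5, the `Checkout` step keeps `actions/checkout@v4`'s default credential persistence, so the job token stays in the workspace's git config while `mvn -B compile` runs build logic taken from the checked-out tree on `push` and `pull_request`. Adding `with:` and `persist-credentials: false` under the checkout step removes that exposure, and nothing visible in the job needs git credentials after checkout. Separately, all four `uses:` references (`actions/checkout@v4`, `actions/setup-java@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`) are mutable tags in a job that holds `security-events: write`. Pinning each to a full commit SHA, with the tag kept as a trailing comment, fixes exactly which code runs and makes updates reviewable.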
@@ -36,4 +36,4 @@ jobs: run: mvn -B compile -f openfeature-provider/java/pom.xml - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 From 8b51c9f727e08ada1137067ac2d638d3a6171d43 Mon Sep 17 00:00:00 2001 From: Nicklas Lundin Date: Mon, 16 Feb 2026 09:35:57 +0100 Subject: [PATCH 3/5] fix(ci): use x64 runner for CodeQL Co-Authored-By: Claude Opus 4.6 --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7f70a29d..25b44317 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -14,7 +14,7 @@ permissions: jobs: analyze: name: Analyze Java - runs-on: ubuntu-24.04-arm + runs-on: ubuntu-24.04 steps: - name: Checkout From 745f8bd6174e23cd4da2a3660f5660d044ddf859 Mon Sep 17 00:00:00 2001 From: Nicklas Lundin Date: Mon, 16 Feb 2026 09:43:24 +0100 Subject: [PATCH 4/5] feat(ci): add all supported languages to CodeQL analysis Co-Authored-By: Claude Opus 4.6 --- .github/workflows/codeql.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 25b44317..0ac15d0d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,14 +13,29 @@ permissions: jobs: analyze: - name: Analyze Java + name: Analyze (${{ matrix.language }}) runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + include: + - language: java-kotlin + build-mode: manual + - language: go + build-mode: autobuild + - language: javascript-typescript + build-mode: none + - language: python + build-mode: none + - language: ruby + build-mode: none steps: - name: Checkout uses: actions/checkout@v4 - name: Set up JDK 17 + if: matrix.language == 'java-kotlin' uses: actions/setup-java@v4 with: distribution: temurin 
@@ -29,10 +44,11 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: - languages: java-kotlin - build-mode: manual + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} - name: Build Java provider + if: matrix.language == 'java-kotlin' run: mvn -B compile -f openfeature-provider/java/pom.xml - name: Perform CodeQL Analysis From 6734942bfb18d7f8b7761966864bd3c629e33a1e Mon Sep 17 00:00:00 2001 From: Nicklas Lundin Date: Mon, 16 Feb 2026 09:46:53 +0100 Subject: [PATCH 5/5] feat(ci): add actions and rust languages, add category Co-Authored-By: Claude Opus 4.6 --- .github/workflows/codeql.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0ac15d0d..ee9dabc1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -10,6 +10,7 @@ on: permissions: contents: read security-events: write + packages: read jobs: analyze: @@ -19,6 +20,8 @@ jobs: fail-fast: false matrix: include: + - language: actions + build-mode: none - language: java-kotlin build-mode: manual - language: go @@ -29,6 +32,8 @@ jobs: build-mode: none - language: ruby build-mode: none + - language: rust + build-mode: none steps: - name: Checkout @@ -48,8 +53,10 @@ jobs: build-mode: ${{ matrix.build-mode }} - name: Build Java provider - if: matrix.language == 'java-kotlin' + if: matrix.build-mode == 'manual' run: mvn -B compile -f openfeature-provider/java/pom.xml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 + with: + category: "/language:${{ matrix.language }}"
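Review bot: The first hunk of PATCH 5/5 adds `packages: read` to the workflow-level `permissions:` block, but neither the commit subject nor a comment says why. If it is there so the CodeQL action can fetch private or internal query packs, document that on the line, e.g. `packages: read  # only needed to download private CodeQL packs`. If the repository uses no such packs, drop it. Since the block sits at workflow level, any job added to this file later would also inherit `security-events: write`; moving the three entries under `jobs.analyze.permissions` keeps the grant scoped to the job that uploads results.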
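Review bot: In the last hunk of PATCH 5/5, the `Build Java provider` step is now gated on `matrix.build-mode == 'manual'`, while `Set up JDK 17` (guarded in PATCH 4/5) is still gated on `matrix.language == 'java-kotlin'`. The two guards agree only while `java-kotlin` is the sole `manual` entry in the matrix. A second manual-build language would run `mvn -B compile -f openfeature-provider/java/pom.xml` without the JDK setup and trace the wrong build for that language. Because the step is Java-specific by name and command, keeping `if: matrix.language == 'java-kotlin'` is the safer guard. If generic manual builds are the goal, carry the build command in the matrix entry and rename the step.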