ci: run mvn build in CodeQL workflow

sebthom · sebthom · commit 9d76a654d403 · 2025-11-14T12:16:22.000+01:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -27,6 +27,15 @@ on:  # https://docs.github.com/en/actions/reference/workflows-and-actions/events
     # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch
 
 
+defaults:
+  run:
+    shell: bash
+
+
+env:
+  JAVA_VERSION: 21
+
+
 jobs:
 
   ###########################################################
@@ -45,7 +54,7 @@ jobs:
         - language: actions
           build-mode: none
         - language: java-kotlin
-          build-mode: none
+          build-mode: manual
         # avoid build error: "CodeQL detected code written in Java/Kotlin, GitHub Actions, C/C++ and Python, 
         # but not any written in JavaScript/TypeScript."
         #- language: javascript-typescript
@@ -83,13 +92,59 @@ jobs:
       uses: actions/checkout@v5  # https://github.com/actions/checkout
 
 
-    # CodeQL executes https://github.com/ferstl/depgraph-maven-plugin
-    - name: "Install: JDK 25 for Maven/Tycho ☕"
+    - name: "Install: JDK ${{ env.JAVA_VERSION }} ☕"
       uses: actions/setup-java@v5  # https://github.com/actions/setup-java
-      if: matrix.language == 'java'
+      if: matrix.language == 'java-kotlin'
       with:
         distribution: temurin
-        java-version: 25
+        java-version: ${{ env.JAVA_VERSION }}
+
+
+    - name: "Cache: Local Maven Repository"
+      uses: actions/cache/restore@v4
+      if: matrix.language == 'java-kotlin'
+      with:
+        # Excluded sub directory not working https://github.com/actions/toolkit/issues/713
+        path: |
+          ~/.m2/repository/*
+          !~/.m2/repository/.cache/tycho
+          !~/.m2/repository/.meta/p2-artifacts.properties
+          !~/.m2/repository/p2
+          !~/.m2/repository/*SNAPSHOT*
+        key: ${{ runner.os }}-${{ runner.arch }}-repo-mvn-${{ hashFiles('**/pom.xml') }}
+
+
+    - name: "Cache: Local Tycho Repository"
+      uses: actions/cache/restore@v4
+      if: matrix.language == 'java-kotlin'
+      with:
+        path: |
+          ~/.m2/repository/.cache/tycho
+          ~/.m2/repository/.meta/p2-artifacts.properties
+          ~/.m2/repository/p2
+        key: ${{ runner.os }}-${{ runner.arch }}-repo-tycho-${{ hashFiles('target-platforms/target-platform-latest/target-platform-latest.target') }}
+
+
+    - name: "Build with Maven 🔨"
+      if: matrix.language == 'java-kotlin'
+      run: |
+        set -euo pipefail
+
+        MAVEN_OPTS="${MAVEN_OPTS:-}"
+        MAVEN_OPTS+=" -Djava.security.egd=file:/dev/./urandom" # https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for/59097932#59097932
+        MAVEN_OPTS+=" -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" # https://stackoverflow.com/questions/5120470/how-to-time-the-different-stages-of-maven-execution/49494561#49494561
+        MAVEN_OPTS+=" -Xmx1024m -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dhttps.protocols=TLSv1.3,TLSv1.2"
+        export MAVEN_OPTS
+        echo "MAVEN_OPTS: $MAVEN_OPTS"
+ 
+        ./mvnw \
+          --errors \
+          --no-transfer-progress \
+          --batch-mode \
+          --show-version \
+          -Declipse.p2.mirrors=false \
+          -Dskip.tests=true \
+          clean verify
 
 
     # https://docs.github.com/en/code-security/code-scanning
