clayburn opened a new pull request, #4740:
URL: https://github.com/apache/eventmesh/pull/4740
<!--
### Contribution Checklist
- Name the pull request in the form "[ISSUE #XXXX] Title of the pull
request",
where *XXXX* should be replaced by the actual issue number.
Skip *[ISSUE #XXXX]* if there is no associated github issue for this
pull request.
- Fill out the template below to describe the changes contributed by the
pull request.
That will give reviewers the context they need to do the review.
- Each pull request should address only one issue.
Please do not mix up code from multiple issues.
- Each commit in the pull request should have a meaningful commit message.
- Once all items of the checklist are addressed, remove the above text and
this checklist,
leaving only the filled out template below.
(The sections below can be removed for hotfixes of typos)
-->
<!--
(If this PR fixes a GitHub issue, please add `Fixes #<XXX>` or `Closes
#<XXX>`.)
-->
Fixes #4737.
### Motivation
The motivation for this PR is to fix an issue where CodeQL is not able to
analyze a PR when the Gradle build cache prevents all Java compilation. CodeQL
requires the compiler to execute during the workflow in order to perform its
analysis, as documented
[here](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/no-source-code-seen-during-build).
### Modifications
This pull request moves the CodeQL verification to its own workflow,
independent of the "Continuous Integration" workflow, where Gradle build
caching is disabled. This not only addresses the issue, but should also have
some improvements to the workflows:
* By moving CodeQL to its own workflow, it can execute in parallel. This
removes CodeQL analysis from the critical path of a full build and lets the
continuous integration workflow finish more quickly by leveraging build cache
and skipping this analysis.
* By moving CodeQL to its own workflow, it is no longer necessary to run the
"Continuous integration" workflow for both Java and Go, since the Go branch
only seemed to run in order to get CodeQL results. This would eliminate four
workflows per larger build. We can also skip the Gradle build on the Go CodeQL
workflow.
### Documentation
- Does this pull request introduce a new feature? (yes / no)
- If yes, how is the feature documented? (not applicable / docs / JavaDocs /
not documented)
- If a feature is not applicable for documentation, explain why?
- If a feature is not documented yet in this PR, please create a followup
issue for adding the documentation
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@eventmesh.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@eventmesh.apache.org
For additional commands, e-mail: dev-h...@eventmesh.apache.org
