This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7f20dc0419 Clean-up CodeQL configuration
7f20dc0419 is described below
commit 7f20dc04191556d354c658e861f87414cfdd040a
Author: Mark Thomas <[email protected]>
AuthorDate: Wed May 13 13:24:10 2026 +0100
Clean-up CodeQL configuration
---
.github/workflows/codeql.yml | 42 +-----------------------------------------
1 file changed, 1 insertion(+), 41 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a93cb863e6..814b446540 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,11 +23,6 @@ on:
jobs:
analyze:
name: Analyze (${{ matrix.language }})
- # Runner size impacts CodeQL analysis time. To learn more, please see:
- # - https://gh.io/recommended-hardware-resources-for-running-codeql
- # - https://gh.io/supported-runners-and-hardware-resources
- # - https://gh.io/using-larger-runners (GitHub.com only)
- # Consider using larger runners or machines with greater resources for
possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') ||
'ubuntu-latest' }}
permissions:
# required for all workflows
@@ -36,10 +31,6 @@ jobs:
# required to fetch internal or private CodeQL packs
packages: read
- # only required for workflows in private repositories
- actions: read
- contents: read
-
strategy:
fail-fast: false
matrix:
@@ -47,25 +38,11 @@ jobs:
- language: actions
build-mode: none
- language: java-kotlin
- build-mode: none # This mode only analyzes Java. Set this to
'autobuild' or 'manual' to analyze Kotlin too.
- # CodeQL supports the following values keywords for 'language':
'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript',
'python', 'ruby', 'rust', 'swift'
- # Use `c-cpp` to analyze code written in C, C++ or both
- # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
- # Use 'javascript-typescript' to analyze code written in JavaScript,
TypeScript or both
- # To learn more about changing the languages that are analyzed or
customizing the build mode for your analysis,
- # see
https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
- # If you are analyzing a compiled language, you can modify the
'build-mode' for that language to customize how
- # your codebase is analyzed, see
https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+ build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@v4
- # Add any setup steps before running the `github/codeql-action/init`
action.
- # This includes steps like installing compilers or runtimes
(`actions/setup-node`
- # or others). This is typically only required for manual builds.
- # - name: Setup runtime (example)
- # uses: actions/setup-example@v1
-
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
@@ -82,23 +59,6 @@ jobs:
# For more details on CodeQL's query packs, refer to:
https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- # If the analyze step fails for one of the languages you are analyzing with
- # "We were unable to automatically build your code", modify the matrix
above
- # to set the build mode to "manual" for that language. Then modify this
step
- # to build your code.
- # âšī¸ Command-line programs to run using the OS shell.
- # đ See
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- - name: Run manual build steps
- if: matrix.build-mode == 'manual'
- shell: bash
- run: |
- echo 'If you are using a "manual" build mode for one or more of the' \
- 'languages you are analyzing, replace this with the commands to
build' \
- 'your code, for example:'
- echo ' make bootstrap'
- echo ' make release'
- exit 1
-
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
