Only compile main sources for code scanning

google · Feb 12, 2022 · 8cfc859 · 8cfc859
1 parent e8e7e7e
commit 8cfc859
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -35,10 +35,12 @@ jobs:
         # Run all security queries and maintainability and reliability queries
         queries: +security-and-quality
 
-    # Autobuild attempts to build any compiled languages (C/C++, C#, or Java)
-    # If this step fails, then you should remove it and run the build manually
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+    # Only compile main sources, but ignore test sources because findings for them might not
+    # be that relevant (though GitHub security view also allows filtering by source type)
+    # Can replace this with github/codeql-action/autobuild action to run complete build
+    - name: Compile sources
+      run: |
+        mvn compile
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v1