pmd

build(deps): Bump github/codeql-action from 3.28.5 to 3.28.9 #675

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.

	name: pmd

	on:
	push:
	branches: [ master ]
	pull_request:
	branches: [ master ]
	schedule:
	- cron: '33 14 * * 1'

	permissions:
	contents: read

	jobs:
	pmd-code-scan:
	permissions:
	contents: read # for pmd/pmd-github-action to determine modified files
	pull-requests: read # for pmd/pmd-github-action to query PRs
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Set up JDK 11
	uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
	with:
	java-version: '11'
	distribution: 'temurin'
	cache: maven
	- name: Run PMD
	id: pmd
	uses: pmd/pmd-github-action@d9c1f3c5940cbf5923f1354e83fa858b4496ebaa
	with:
	analyzeModifiedFilesOnly: 'false'
	rulesets: 'quickstart.xml'
	sourcePath: 'src/main/java'
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
	with:
	sarif_file: pmd-report.sarif

Provide feedback