pmd-analysis.yml

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: pmd

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]  
  schedule:
    - cron: '33 14 * * 1'

permissions:
  contents: read

jobs:
  pmd-code-scan:
    permissions:
      contents: read  # for pmd/pmd-github-action to determine modified files
      pull-requests: read  # for pmd/pmd-github-action to query PRs
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up JDK 11
        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          java-version: '11'
          distribution: 'temurin'
          cache: maven
      - name: Run PMD
        id: pmd
        uses: pmd/pmd-github-action@d9c1f3c5940cbf5923f1354e83fa858b4496ebaa
        with:
          analyzeModifiedFilesOnly: 'false'
          rulesets: 'quickstart.xml'
          sourcePath: 'src/main/java'
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
        with:
          sarif_file: pmd-report.sarif