Remove CodeQL workflow from repository

2025-12-28 05:13:46 +00:00 · 2025-07-31 21:31:42 -07:00 · 2025-07-31 21:31:42 -07:00 · 8a07d02b94
commit 8a07d02b94
parent d8bb916d1d
1 changed files with 0 additions and 153 deletions
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@ -1,153 +0,0 @@
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    branches: [ "master" ]
-  schedule:
-    - cron: '0 3 * * 1'  # Weekly scan
-env:
-  # Release tag associated with version of Detekt to be installed
-  # SARIF support (required for this workflow) was introduced in Detekt v1.15.0
-  DETEKT_RELEASE_TAG: v1.15.0
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - language: actions
-            build-mode: none
-          - language: java-kotlin
-            build-mode: autobuild
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up JDK 21
-        uses: actions/setup-java@v4
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
-      - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v3
-        with:
-          add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure'
-          build-scan-publish: true
-          build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
-          build-scan-terms-of-use-agree: "yes"
-
-      - name: Set up Android SDK
-        uses: android-actions/setup-android@v3
-
-      - name: Grant execute permissions to gradlew
-        run: chmod +x ./gradlew
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-          build-mode: ${{ matrix.build-mode }}
-
-      - name: Build project
-        run: ./gradlew assembleDebug --stacktrace
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:${{matrix.language}}"
-
-  # This workflow contains a single job called "scan"
-  scan:
-    name: Detekt Scan
-    # The type of runner that the job will run on
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
-    steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v4
-
-      # Gets the download URL associated with the $DETEKT_RELEASE_TAG
-      - name: Get Detekt download URL
-        id: detekt_info
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
-            query getReleaseAssetDownloadUrl($tagName: String!) {
-              repository(name: "detekt", owner: "detekt") {
-                release(tagName: $tagName) {
-                  releaseAssets(name: "detekt", first: 1) {
-                    nodes {
-                      downloadUrl
-                    }
-                  }
-                  tagCommit {
-                    oid
-                  }
-                }
-              }
-            }
-          ' 1> gh_response.json
-          
-          DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
-          if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
-            echo "Release tag doesn't match expected commit SHA"
-            exit 1
-          fi
-          
-          DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
-          echo "download_url=$DETEKT_DOWNLOAD_URL" >> $GITHUB_OUTPUT
-
-      # Sets up the detekt cli
-      - name: Setup Detekt
-        run: |
-          dest=$( mktemp -d )
-          curl --request GET \
-            --url ${{ steps.detekt_info.outputs.download_url }} \
-            --silent \
-            --location \
-            --output $dest/detekt
-          chmod a+x $dest/detekt
-          echo $dest >> $GITHUB_PATH
-
-      # Performs static analysis using Detekt
-      - name: Run Detekt
-        continue-on-error: true
-        run: |
-          detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
-
-      # Modifies the SARIF output produced by Detekt so that absolute URIs are relative
-      # This is so we can easily map results onto their source files
-      # This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
-      - name: Make artifact location URIs relative
-        continue-on-error: true
-        run: |
-          echo "$(
-            jq \
-              --arg github_workspace ${{ github.workspace }} \
-              '. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
-              ${{ github.workspace }}/detekt.sarif.json
-          )" > ${{ github.workspace }}/detekt.sarif.json
-
-      # Uploads results to GitHub repository using the upload-sarif action
-      - uses: github/codeql-action/upload-sarif@v3
-        with:
-          # Path to SARIF file relative to the root of the repository
-          sarif_file: ${{ github.workspace }}/detekt.sarif.json
-          checkout_path: ${{ github.workspace }}