Enable Jenkins Security Scan and bypass CodeQL's JavaCompiler to support JDK 17+ (#917)

* Enable Jenkins Security Scan and bypass CodeQL's JavaCompiler to support JDK 17+

* Try alternate workaround with --add-opens
dwnusbaum authored Aug 9, 2024
1 parent a6f67a8 commit 7141c52
Showing 2 changed files with 22 additions and 0 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/jenkins-security-scan.yml
@@ -0,0 +1,20 @@
name: Jenkins Security Scan

on:
push:
branches:
- master
pull_request:
types: [ opened, synchronize, reopened ]
workflow_dispatch:

permissions:
security-events: write
contents: read
actions: read

jobs:
security-scan:
uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2
with:
java-cache: 'maven' # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.
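
Review bot: The `uses:` line in the `security-scan` job references the reusable workflow by the mutable tag `@v2`, while this workflow grants it `security-events: write`. Anyone able to move that tag in jenkins-infra/jenkins-security-scan changes what runs here with that permission. Consider pinning the reference to the full commit SHA behind the v2 tag, keeping the tag name in a trailing comment, and letting dependency update tooling bump it. Separately, the trailing comment on `java-cache: 'maven'` reads like template text; since the value is already chosen, it could be shortened or dropped.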
2 changes: 2 additions & 0 deletions lib/pom.xml
Expand Up @@ -61,6 +61,8 @@
<sourceRoot>${project.build.directory}/generated-sources/dgm</sourceRoot>
<executable>java</executable>
<arguments>
<!-- Workaround for CodeQL support on JDK17+, see https://github.com/jenkinsci/workflow-cps-plugin/pull/901. -->
<argument>--add-opens=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED</argument>
<argument>-jar</argument>
<argument>${project.build.directory}/groovy-cps-dgm-builder-${project.version}-jar-with-dependencies.jar</argument>
<argument>${project.build.directory}/generated-sources/dgm</argument>
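
Review bot: The new `--add-opens=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED` argument is passed to the `java` executable on every build, not only when CodeQL is running, and the comment above it does not say what needs reflective access to that package or when the workaround can be removed. `--add-opens` is only understood by Java 9 and later, so a build run on an older JVM would fail at this exec step; if that is not a supported configuration, the comment should say so. Suggest extending the comment with the reason (which code reaches into `com.sun.tools.javac.file`) and the condition for removal, so the opened package does not outlive the need for it.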