Fix #31 Force codeql analysis to use internal repos

- Add MAVEN_ARGS for the codeql autobuild - Add jfrog credentials
wultra · Aug 15, 2023 · cc36f90 · cc36f90
1 parent cebb384
commit cc36f90
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -34,6 +34,9 @@ jobs:
         with:
           java-version: ${{ inputs.java-version }}
           distribution: 'temurin'
+          server-id: ${{inputs.server-id}} #server id has to be passed this way it will not work via env in the test step
+          server-username: INTERNAL_USERNAME
+          server-password: INTERNAL_PASSWORD
           cache: maven
 
       - name: Initialize CodeQL
@@ -44,7 +47,10 @@ jobs:
       - name: Autobuild
         uses: github/codeql-action/autobuild@v2
         env:
-          JAVA_TOOL_OPTIONS: '-DuseInternalRepo=true'
+          MAVEN_ARGS: '-DuseInternalRepo=true'
+          # those are not environmental secret, but global secret - for readonly access to artifactory, credentials has to be passed this way
+          INTERNAL_USERNAME: ${{ secrets.JFROG_USERNAME }}
+          INTERNAL_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2