Merge pull request #2703 from hussainmohd-a/v055n #71

	name: 🔎 CodeQL

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	schedule:
	- cron: '30 7 * * 1'

	jobs:
	analyze:
	name: Analyze (java-kotlin)
	runs-on: ubuntu-latest
	env:
	VARIANT: assembleWebsiteFullDebug
	permissions:
	security-events: write
	packages: read
	actions: read
	contents: read

	steps:
	- name: 🥏 Checkout
	uses: actions/checkout@v4

	- name: ☕️ JDKv17
	uses: actions/setup-java@v5
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: gradle

	- name: 🔎 Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: java-kotlin
	build-mode: manual
	# docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages

	- name: ⚡️ +x gradlew
	run: chmod +x gradlew

	- name: 🎪 Secrets
	if: success()
	# developers.google.com/android/guides/google-services-plugin#adding_the_json_file
	run: \|
	mkdir -p app/src/debug
	echo "${GSCV_TEST_JSON}" > app/src/debug/google-services.json
	# expected: l:29 w:45 m:691
	wc -lwm app/src/debug/google-services.json
	if [ -z "$GSCV_TEST_JSON" ]; then
	echo "VARIANT=assembleFdroidFullDebug" >> "$GITHUB_ENV"
	fi
	env:
	GSCV_TEST_JSON: ${{ secrets.GOOGLE_SERVICES_TEST_JSON }}

	- name: 🔨 Build
	if: success()
	run: \|
	./gradlew \
	${VARIANT} \
	--no-daemon \
	--warning-mode all
	env:
	VARIANT: ${{ env.VARIANT }}

	- name: 🔎 Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:java-kotlin"

Provide feedback