Open
Description
I'm working with a customer on using GitHub Advanced Security CodeQL Code Scanning. The customer has created a reusable workflow that does the code scanning, which they then call from a workflow in the developer's repo.
My customer is saying that when they try and pass additional query packs into the reusable workflow, that it doesn't work, and it says it can't find the query packs. I have not seen their code yet so I can't verify this is happening.
So, I'd like you to help create me a demo of this scenario. The language we are using should be Java. I'll need you to do the following:
- Create a simple Java application. I don't know Java, so don't make it too complex. But make sure it will throw at least a couple of CodeQL alerts.
- Create a simple workflow file. That workflow file should just call the reusable workflow you are going to create that does the CodeQL scanning.
- Create a reusable workflow that sets up the tooling, builds the code, and does the CodeQL scanning.
- I want to be able to pass in the query packs that I want the code scanning to use into the reusable workflow
- Make sure all the code is well documented
- Create a README.md that describes all of what we are doing