From 2d814bb4388498625fcd9b2d786acf3f6e685e6c Mon Sep 17 00:00:00 2001 From: Decoder Date: Mon, 11 May 2026 21:40:38 -0700 Subject: [PATCH] ci(codeql): force a clean recompile every run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CodeQL was failing with "could not process any code written in Java/Kotlin" on PRs that touched no Java source — the README PR (#40) and the release-cut commit (#39, which only edits CHANGELOG.md). Diagnosis: gradle/actions/setup-gradle@v6 restores the build cache on every run. README- and CHANGELOG-only changes leave every input to the JavaCompile task identical, so Gradle reports the `classes` task as UP-TO-DATE and runs zero `javac` invocations. CodeQL's Java tracer wraps `javac`; no invocations means no extracted classes, which surfaces as the empty-database error at the analyze step. Confirmed by the run-duration pattern in `gh run list --workflow=codeql.yml`: - failing runs (#39 release-cut, #40 README) finished in ~1 min - successful runs (#35-#38 feature PRs that touched src/) took ~2 min The minute of "missing" wall-clock is exactly the javac step that didn't run. Fix: `--no-build-cache clean classes` forces a recompile every CodeQL invocation. Drops a `clean` task ahead of `classes` to guarantee no UP-TO-DATE skip, and `--no-build-cache` is belt-and-braces against the setup-gradle action's cache restore. Slightly slower CodeQL runs (~30s more on cold compile) but the analyze step gets real javac output to extract from. --- .github/workflows/codeql.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ca73efd..4c35ca1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -37,7 +37,15 @@ jobs: queries: security-and-quality - name: Compile (drives CodeQL extraction) - run: ./gradlew --no-daemon classes + # CodeQL's Java tracer wraps `javac` invocations; if Gradle reports + # `classes` as UP-TO-DATE (which happens on PRs that touch no + # source files — README-only / CHANGELOG-only / workflow-only), + # the tracer sees zero compilations and the analyze step fails + # with "could not process any code written in Java/Kotlin". + # `clean` forces a recompile every run; `--no-build-cache` + # belt-and-braces against the gradle/actions/setup-gradle@v6 + # build-cache restore. + run: ./gradlew --no-daemon --no-build-cache clean classes - uses: github/codeql-action/analyze@v4 with:
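Review bot: The comment added above the `run:` line attributes the skipped compile to `classes` being UP-TO-DATE, but the two additions guard against different Gradle skip outcomes, and the comment should say which is which. `clean` removes existing build outputs, so it defeats an UP-TO-DATE result; `--no-build-cache` stops task outputs being loaded from the build cache, which Gradle reports as FROM-CACHE rather than UP-TO-DATE. If the gradle/actions/setup-gradle@v6 restore is the cause, as the comment says, then `--no-build-cache` is the primary fix and `clean` is the backstop, which is the reverse of how the comment words it ("`clean` forces a recompile every run; `--no-build-cache` belt-and-braces"). Suggest rewording so that a later edit does not drop the flag that actually matters, since the regression would only show up on PRs that touch no source files.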