federicoiosue / Omni-Notes

Open source note-taking application for Android
https://omninotes.app
GNU General Public License v3.0
2.68k stars 1.11k forks

Add delombok step to code analysis action #881

Closed atorralba closed 1 year ago

atorralba commented 1 year ago

I noticed that, after the recent addition of some Lombok code in this project, CodeQL no longer extracts the classes that use it. This PR adds a delombok step to the code analysis GitHub Action so that those classes are extracted again, potentially uncovering new security issues.

⚠️ Take into account that this is NOT an officially supported solution from GitHub, but rather something that I recommend as an individual contributor. Take it with a grain of salt if you decide to use it 😄.

Also, I changed the build command to assembleDebug, which should be faster (both because it skips tests and only builds one flavor of the app) while being equally useful to CodeQL.

federicoiosue commented 1 year ago

Hey, thanks, it sounds nice to me. Especially the modification to the Gradle command, which was quite time-consuming without any reason!