I noticed that, after the recent addition of some Lombok code in this project, CodeQL no longer extracts the classes that use it. This PR adds a delombok step to the code analysis GitHub Action so that those classes are extracted again, potentially uncovering new security issues.
⚠️ Take into account that this is NOT an officially supported solution from GitHub, but rather something that I recommend as an individual contributor. Take it with a grain of salt if you decide to use it 😄.
Also, I changed the build command to assembleDebug, which should be faster (both because it skips tests and only builds one flavor of the app) while being equally useful to CodeQL.