Add Java setup and build command for CodeQL

Author: Joonas Hiltunen

.github/workflows/shared-codeql.yml

@@ -10,6 +10,16 @@ on:
         description: 'Languages to analyze (JSON array, e.g., ["actions"]). See supported languages at https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks'
         required: true
         type: string
+      java_build_command:
+        description: "Optional build command for Java projects. Leave empty if not needed, build-mode: none is used."
+        required: false
+        type: string
+        default: ""
+      java_version:
+        description: "Optional Java version to set up (e.g. '21'). If not given, uses runner default."
+        required: false
+        type: string
+        default: ""
 
 jobs:
   analyze:
@@ -30,12 +40,24 @@ jobs:
         language: ${{ fromJSON(inputs.languages) }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
+
+      - name: Set up Java
+        if: matrix.language == 'java-kotlin' && inputs.java_version != ''
+        uses: actions/setup-java@v5
+        with:
+          distribution: "temurin"
+          java-version: ${{ inputs.java_version }}
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
+          build-mode: ${{ (matrix.language == 'java-kotlin' && inputs.java_build_command != '') && 'manual' || 'none' }}
+
+      - name: Build Java project
+        if: matrix.language == 'java-kotlin' && inputs.java_build_command != ''
+        run: ${{ inputs.java_build_command }}
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4

.github/workflows/shared-dependency-scan.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Dependency Review
         uses: actions/dependency-review-action@v4