Extract Unicode dump into separate workflow. Add manual CodeQL workflow (#173)

This reduces the number of downloads and the load on the service is used
for that

Author: OptimumCode

.github/workflows/benchmark.yml

@@ -45,7 +45,11 @@ concurrency:
   group: bench-${{ github.event_name }}-${{ github.event.pull_request.number || github.event.after }}
 
 jobs:
+  dump-unicode-data:
+    uses: ./.github/workflows/unicode-dump.yml
   benchmark-matrix:
+    needs:
+      - dump-unicode-data
     strategy:
       matrix:
         include:
@@ -86,6 +90,7 @@ jobs:
       - name: Cache unicode data
         uses: actions/cache@v4
         with:
+          fail-on-cache-miss: true
           path: unicode_dump
           key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
           restore-keys: |

.github/workflows/build-and-test.yml

@@ -39,6 +39,7 @@ jobs:
     - name: Cache unicode data
       uses: actions/cache@v4
       with:
+        fail-on-cache-miss: true
         path: unicode_dump
         key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
         restore-keys: |

.github/workflows/check.yml

@@ -56,6 +56,7 @@ jobs:
       - name: Cache unicode data
         uses: actions/cache@v4
         with:
+          fail-on-cache-miss: true
           path: unicode_dump
           key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
           restore-keys: |
@@ -65,7 +66,7 @@ jobs:
         with:
           gradle-version: wrapper
       - name: Build
-        run: ./gradlew --no-daemon --info ${{ inputs.task }} koverXmlReport -x :benchmark:benchmark
+        run: ./gradlew --no-daemon --info ${{ inputs.task }} koverXmlReport -x :benchmark:benchmark --build-cache
       - name: Upload coverage reports to Codecov
         if: inputs.upload-code-coverage && github.actor != 'dependabot[bot]'
         uses: codecov/codecov-action@v4

.github/workflows/code-coverage-upload.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   upload:
     runs-on: ubuntu-latest
-    if: github.event.workflow_run.actor.name != 'dependabot[bot]' && github.repository == 'OptimumCode/json-schema-validator'
+    if: github.event.workflow_run.actor.name != 'dependabot[bot]' && github.repository == 'OptimumCode/json-schema-validator' && github.event.workflow_run.conclusion == 'success'
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
@@ -21,12 +21,6 @@ jobs:
           name: coverage-reports
           path: reports/
           run_id: ${{ github.event.workflow_run.id }}
-      - name: Download PR number
-        uses: dawidd6/action-download-artifact@v6
-        with:
-          name: pr-number
-          path: '.'
-          run_id: ${{ github.event.workflow_run.id }}
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v4
         with:

.github/workflows/codeql.yml

@@ -0,0 +1,74 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '19 19 * * 6'
+
+jobs:
+  dump-unicode-data:
+    uses: ./.github/workflows/unicode-dump.yml
+  analyze:
+    needs:
+      - dump-unicode-data
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+    env:
+      LANGUAGE: java-kotlin
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ env.LANGUAGE }}
+        build-mode: manual
+    # Build
+    - uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version-file: .java-version
+    - name: Validate Gradle Wrapper
+      uses: gradle/actions/wrapper-validation@v3
+    - name: Cache konan
+      uses: actions/cache@v4
+      with:
+        path: ~/.konan
+        key: ${{ runner.os }}-gradle-${{ hashFiles('*.gradle.kts') }}
+        restore-keys: |
+            ${{ runner.os }}-gradle-
+    - name: Cache unicode data
+      uses: actions/cache@v4
+      with:
+        fail-on-cache-miss: true
+        path: unicode_dump
+        key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
+        restore-keys: |
+            unicode-dump-
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v3
+      with:
+        gradle-version: wrapper
+    - name: Build
+      run: ./gradlew --no-daemon -S -Dorg.gradle.dependency.verification=off -Dorg.gradle.warning.mode=none testClasses
+
+    # Perform analysis
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{ env.LANGUAGE }}"

.github/workflows/pull_request.yml

@@ -11,7 +11,11 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  dump-unicode-data:
+    uses: ./.github/workflows/unicode-dump.yml
   reviewdog:
+    needs:
+      - dump-unicode-data
     permissions:
       pull-requests: write
     runs-on: ubuntu-latest
@@ -34,6 +38,7 @@ jobs:
     - name: Cache unicode data
       uses: actions/cache@v4
       with:
+        fail-on-cache-miss: true
         path: unicode_dump
         key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
         restore-keys: |
@@ -51,6 +56,8 @@ jobs:
         REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: reviewdog -tee -reporter=github-pr-review
   check-pr:
+    needs:
+      - dump-unicode-data
     uses: ./.github/workflows/build-and-test.yml
     with:
       collect-code-coverage: true
@@ -69,17 +76,3 @@ jobs:
           dangerfile: Dangerfile.df.kts
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  store-pr-number:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Save PR number
-        env:
-          PR_NUMBER: ${{ github.event.number }}
-        run: |
-          mkdir -p ./pr
-          echo $PR_NUMBER > ./pr/pr_number
-      - uses: actions/upload-artifact@v4
-        with:
-          name: pr-number
-          path: pr/
-

.github/workflows/release.yml

@@ -24,7 +24,11 @@ jobs:
           version-source: file
           version-file: ${{ env.VERSION_FILE }}
           version-file-extraction-pattern: ${{ env.VERSION_PATTERN }}
+  dump-unicode-data:
+    uses: ./.github/workflows/unicode-dump.yml
   build-and-test:
+    needs:
+      - dump-unicode-data
     uses: ./.github/workflows/build-and-test.yml
   publish_artifacts:
     needs:
@@ -55,6 +59,7 @@ jobs:
       - name: Cache unicode data
         uses: actions/cache@v4
         with:
+          fail-on-cache-miss: true
           path: unicode_dump
           key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
           restore-keys: |

.github/workflows/snapshot_release.yml

@@ -13,7 +13,11 @@ on:
       - '.github/workflows/snapshot_release.yml'
 
 jobs:
+  dump-unicode-data:
+    uses: ./.github/workflows/unicode-dump.yml
   build-and-test:
+    needs:
+      - dump-unicode-data
     uses: ./.github/workflows/build-and-test.yml
     with:
       upload-code-coverage: true
@@ -47,6 +51,7 @@ jobs:
       - name: Cache unicode data
         uses: actions/cache@v4
         with:
+          fail-on-cache-miss: true
           path: unicode_dump
           key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
           restore-keys: |

.github/workflows/unicode-dump.yml

@@ -0,0 +1,34 @@
+name: Dump information for Unicode characters
+
+on:
+  workflow_call:
+
+jobs:
+  generate-dump:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Checkout Repository'
+      uses: actions/checkout@v4
+    - uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version-file: .java-version
+    - name: Cache unicode data
+      id: cache
+      uses: actions/cache@v4
+      with:
+        path: unicode_dump
+        key: unicode-dump-${{ hashFiles('unicode_dump/*') }}
+        restore-keys: |
+            unicode-dump-
+    - name: Validate Gradle Wrapper
+      if: ${{ !steps.cache.outputs.cache-hit }}
+      uses: gradle/actions/wrapper-validation@v3
+    - name: Setup Gradle
+      if: ${{ !steps.cache.outputs.cache-hit }}
+      uses: gradle/actions/setup-gradle@v3
+      with:
+        gradle-version: wrapper
+    - name: Build
+      if: ${{ !steps.cache.outputs.cache-hit }}
+      run: ./gradlew :json-schema-validator:dumpCharacterData