
CodeQL Java Analysis - missing parameters


For various reasons I decided to set an environment variable in IntelliJ for the output directory defined in pom.xml.

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-resources-plugin</artifactId>
                <version>3.2.0</version>
                <executions>
                    <execution>
                        <id>copy-files-on-build</id>
                        <phase>package</phase>
                        <goals>
                            <goal>copy-resources</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${PROJECT_OUTPUT}</outputDirectory>
                            <resources>
                                <resource>
                                    <directory>${basedir}/target</directory>
                                    <include>${project.build.finalName}.jar</include>
                                    <filtering>false</filtering>
                                </resource>
                            </resources>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

Unfortunately, CodeQL Analysis throws the following error:

    Error: 8-02 04:52:22] [autobuild] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:3.3.1:copy-resources (copy-files-on-build) on project PROJECT: The parameters 'outputDirectory' for goal org.apache.maven.plugins:maven-resources-plugin:3.3.1:copy-resources are missing or invalid -> [Help 1]
    [2023-08-02 04:52:22] [autobuild] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:3.3.1:copy-resources (copy-files-on-build) on project PROJECT: The parameters 'outputDirectory' for goal org.apache.maven.plugins:maven-resources-plugin:3.3.1:copy-resources are missing or invalid

Is there any way to fix this issue?

An absolute path leads to no errors and performs the analysis as expected.


Solution

  • There are probably multiple approaches to solve this:

    • If this copy-files-on-build execution is only relevant for your local build, you could either
    • Specify the PROJECT_OUTPUT value with mvn "-DPROJECT_OUTPUT=..." ... when running CodeQL

    If you want to use one of the approaches which require a custom mvn command for CodeQL, you will have to use the "advanced setup" for GitHub code scanning, and there remove the autobuild step and instead manually specify the mvn build command. You can, for example, take a look at how the Gson CodeQL workflow specifies a custom mvn command to execute.
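
The advanced setup described in the answer could look like the workflow below. It is an added example, not taken from the answer or from the Gson workflow. The branch name, Java version, action versions and the output path under the runner's temp directory are assumptions to adapt to your project.

```yaml
# Added example: advanced-setup CodeQL workflow with a manual Maven build.
# Branch, Java version, action versions and the output path are assumptions.
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Default to read-only; the job below asks only for what it needs.
permissions:
  contents: read

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # needed to upload the code scanning results
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
          cache: maven

      # init must run before the build so CodeQL can observe compilation.
      - uses: github/codeql-action/init@v3
        with:
          languages: java

      # No github/codeql-action/autobuild step: autobuild runs Maven without
      # PROJECT_OUTPUT, which is what made copy-resources fail in the question.
      # The property is passed explicitly and points into the runner's temp
      # directory, so the copied jar stays out of the checked-out sources.
      - name: Build with explicit PROJECT_OUTPUT
        run: mvn -B "-DPROJECT_OUTPUT=${{ runner.temp }}/project-output" package

      - uses: github/codeql-action/analyze@v3
```

A failed build step stops the job before `analyze` runs, so no code scanning results are uploaded for that commit; treat a red CodeQL job as a gap in scan coverage rather than only a build problem.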