
Bump org.owasp:dependency-check-maven from 11.1.1 to 12.0.0 #425


Workflow file for this run

name: Ubuntu Maven build

# Concurrency key: on refs/heads/main and refs/heads/release the group is keyed
# on the commit SHA, so each commit gets its own group; on any other ref it is
# keyed on the ref, so a newer run for the same ref cancels the one in progress.
# More info: https://stackoverflow.com/a/68422069/253468
concurrency:
  group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }}
  cancel-in-progress: true

# Workflow-wide environment, visible to every job and step below.
env:
  MAVEN_OPTS: '-Djava.awt.headless=true'
  # Quoted so the version stays a string.
  MAVEN_VERSION: '3.9.7'

on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
  schedule:
    # Weekly run, Sundays at 23:16 UTC.
    - cron: '16 23 * * 0'
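jobs:
  # NOTE(review): every action below is referenced by a mutable tag (@v3/@v4/@v5).
  # Pinning the third-party ones (stCarolas/setup-maven, codecov/codecov-action,
  # JamesIves/github-pages-deploy-action) to a full commit SHA keeps a moved tag
  # from changing what runs in jobs that hold deploy secrets.

  # Compiles and tests the project; also runs for pull requests, so it executes
  # code that has not been reviewed yet.
  build:
    name: Build w/ Java 17
    runs-on: ubuntu-24.04
    # Least privilege: nothing in this job writes to the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step in this job pushes with git, so the workflow token is
          # not left in .git/config where the Maven build could read it.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'maven'
      - name: 'Set up Maven'
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: ${{ env.MAVEN_VERSION }}
      - name: Priming build with Maven
        run: mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true install
      - name: Test with Maven
        run: |
          mvn -B -fae -e test
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          verbose: true
          token: ${{ secrets.CODECOV_TOKEN }}
      - name: Build javadoc
        run: mvn javadoc:javadoc

  # Upload event file so test results can be processed for the PR
  # https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches
  event_file:
    name: "Event File"
    runs-on: ubuntu-latest
    steps:
      - name: Upload
        uses: actions/upload-artifact@v4
        with:
          name: Event File
          path: ${{ github.event_path }}

  # Builds the Maven site and pushes it to the gh-pages branch. Only runs on
  # main for push, manual and scheduled events, never for pull requests.
  site:
    name: 'Publish gh-pages'
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
    needs: build
    # The deploy step pushes to gh-pages; state that write scope explicitly
    # instead of relying on the repository's default token permissions.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'maven'
      - name: 'Set up Maven'
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: ${{ env.MAVEN_VERSION }}
      - name: 'Build Maven site'
        # The NVD key is exposed to this step only.
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: mvn site
      - name: 'Deploy gh-pages'
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          branch: gh-pages
          folder: target/site

  # Deploys the Maven artifact and the Docker image. Same main-only gate as the
  # site job, so pull-request runs never reach the deploy secrets.
  publish:
    name: Deploy artifacts
    runs-on: ubuntu-latest
    needs: build
    permissions:
      packages: write
      contents: read
    if: ${{ github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'maven'
      - name: 'Set up Maven'
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: ${{ env.MAVEN_VERSION }}
      - name: 'Log in to GitHub container registry'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and Push
        # no need to run any QC or tests
        # note deploy will deploy both Maven artifact as well as Docker image
        env:
          B3P_DEPLOY_ACTOR: ${{ secrets.B3P_DEPLOY_ACTOR }}
          B3P_DEPLOY_TOKEN: ${{ secrets.B3P_DEPLOY_TOKEN }}
          # The actor comes from the github context. Secret names cannot start
          # with GITHUB_, so secrets.GITHUB_ACTOR always expanded to nothing;
          # this matches the username used for the registry login above.
          GITHUB_ACTOR: ${{ github.actor }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): tonistiigi/binfmt is pulled by its default tag and run
        # --privileged in the same job that holds the deploy tokens; pin the
        # image by digest so its content cannot change between runs.
        run: |
          docker run --privileged --rm tonistiigi/binfmt --install arm64
          mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true -Pqa-skip clean deploy --settings .github/maven-settings.xml
          docker push ghcr.io/b3partners/planmonitor-wonen-api:snapshot

  # Restores the Maven cache and deletes SNAPSHOT directories from it. Runs even
  # when build or publish failed.
  cleanup:
    name: Maven cache cleanup
    if: ${{ always() }}
    needs: [build, publish]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: setup-java-Linux-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            setup-java-Linux-maven-
      - name: Cleanup snapshot cache
        # find hands the paths straight to rm: the former "xargs rm -rf {}" had
        # no -I, so it passed a literal "{}" to rm and split paths on
        # whitespace. The directory test keeps the step green when no cache was
        # restored.
        run: |
          if [ -d ~/.m2/repository ]; then
            find ~/.m2/repository -type d -name '*SNAPSHOT*' -prune -exec rm -rf {} +
          fi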