Update dependency org.owasp:dependency-check-maven to v12 (#172) #426
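# CI workflow: builds and tests the project with Maven on Ubuntu, publishes the
# Maven site to gh-pages and deploys snapshot artifacts plus the Docker image
# for pushes, manual runs and scheduled runs on main.
#
# NOTE(review): the third-party actions below are referenced by mutable
# major-version tags (@v4, @v5, ...). Pinning each `uses:` to a full commit SHA
# keeps a retagged or compromised release out of the jobs that hold secrets.
name: Ubuntu Maven build

# More info: https://stackoverflow.com/a/68422069/253468
concurrency:
  # On main/release the group is keyed on the commit SHA, so a newer commit
  # does not cancel those runs; every other ref shares one group per ref.
  group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }}
  cancel-in-progress: true

# Least privilege by default; jobs that need more declare it themselves.
permissions:
  contents: read

env:
  MAVEN_OPTS: -Djava.awt.headless=true
  MAVEN_VERSION: '3.9.7'

on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
  schedule:
    - cron: "16 23 * * 0"

jobs:
  build:
    name: Build w/ Java 17
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          # This job builds pull-request code and never pushes, so the token
          # does not need to stay in the checked-out repository's git config.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: 'temurin'
          cache: 'maven'
      - name: 'Set up Maven'
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: ${{ env.MAVEN_VERSION }}
      - name: Priming build with Maven
        run: mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true install
      - name: Test with Maven
        run: |
          mvn -B -fae -e test
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          verbose: true
          token: ${{ secrets.CODECOV_TOKEN }}
      - name: Build javadoc
        run: mvn javadoc:javadoc

  # Upload event file so test results can be processed for the PR
  # https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches
  event_file:
    name: "Event File"
    runs-on: ubuntu-latest
    steps:
      - name: Upload
        uses: actions/upload-artifact@v4
        with:
          name: Event File
          path: ${{ github.event_path }}

  site:
    name: 'Publish gh-pages'
    runs-on: ubuntu-latest
    # Only for push, manual and scheduled runs on main; never for pull requests.
    if: ${{ github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
    needs: build
    permissions:
      # The deploy step pushes the generated site to the gh-pages branch.
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: 'temurin'
          cache: 'maven'
      - name: 'Set up Maven'
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: ${{ env.MAVEN_VERSION }}
      - name: 'Build Maven site'
        env:
          # Scoped to this step only, so the other steps never see the key.
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: mvn site
      - name: 'Deploy gh-pages'
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          branch: gh-pages
          folder: target/site

  publish:
    name: Deploy artifacts
    runs-on: ubuntu-latest
    needs: build
    permissions:
      packages: write
      contents: read
    # Only for push, manual and scheduled runs on main; never for pull requests.
    if: ${{ github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') }}
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: 'temurin'
          cache: 'maven'
      - name: 'Set up Maven'
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: ${{ env.MAVEN_VERSION }}
      - name: 'Log in to GitHub container registry'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and Push
        # no need to run any QC or tests
        # note deploy will deploy both Maven artifact as well as Docker image
        env:
          B3P_DEPLOY_ACTOR: ${{ secrets.B3P_DEPLOY_ACTOR }}
          B3P_DEPLOY_TOKEN: ${{ secrets.B3P_DEPLOY_TOKEN }}
          # Secret names cannot start with GITHUB_, so secrets.GITHUB_ACTOR is
          # always empty; read the actor from the github context, as the
          # registry login step above already does.
          GITHUB_ACTOR: ${{ github.actor }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): tonistiigi/binfmt is pulled without a tag or digest and
        # run with --privileged on the runner that performs the deploy. Pin it
        # by digest (tonistiigi/binfmt@sha256:<verified-digest>) so the image
        # cannot change between runs.
        run: |
          docker run --privileged --rm tonistiigi/binfmt --install arm64
          mvn -B -V -fae -DskipTests -DskipITs -DskipQA=true -Pqa-skip clean deploy --settings .github/maven-settings.xml
          docker push ghcr.io/b3partners/planmonitor-wonen-api:snapshot

  cleanup:
    name: Maven cache cleanup
    # Runs even when build or publish failed or were skipped.
    if: ${{ always() }}
    needs: [build, publish]
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): this job has no checkout step, so hashFiles('**/pom.xml')
      # presumably evaluates to an empty string here; confirm that the key
      # still matches the cache written by actions/setup-java.
      - uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: setup-java-Linux-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            setup-java-Linux-maven-
      - name: Cleanup snapshot cache
        # NUL-delimited hand-off so directory names with whitespace are removed
        # intact; -r skips rm when nothing matched. The previous form passed a
        # literal '{}' argument to rm because xargs was used without -I.
        run: |
          find ~/.m2/repository -name "*SNAPSHOT*" -type d -print0 | xargs -0 -r rm -rf --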