-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
148 lines (142 loc) · 4.74 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Build and Deploy Snapshot
on:
push:
branches:
- main
paths-ignore:
- '**/*.md'
- '**/*.txt'
permissions: {}
jobs:
build:
permissions:
contents: read # to fetch code (actions/checkout)
name: Build dependency-check
runs-on: ubuntu-latest
steps:
- name: Install gpg secret key
id: install-gpg-key
run: |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- uses: actions/checkout@v4
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Check Local Maven Cache
id: maven-it-cache
uses: actions/cache@v4
with:
path: maven/target/local-repo
key: mvn-it-repo
- name: Check ODC Data Cache
id: odc-data-cache
uses: actions/cache@v4
with:
path: core/target/data
key: odc-data
- uses: actions/[email protected]
with:
dotnet-version: '8.0.x'
- name: Set up JDK 11
id: jdk-11
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'zulu'
server-id: ossrh
server-username: ${{ secrets.OSSRH_USERNAME }}
server-password: ${{ secrets.OSSRH_TOKEN }}
- uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
with:
version: 6.0.2
- name: Build Snapshot with Maven
id: build-snapshot
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: mvn -V -s settings.xml -Prelease clean package verify source:jar javadoc:jar gpg:sign deploy -DreleaseTesting --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
- name: SARIF Multitool
uses: microsoft/[email protected]
with:
# Command to be sent to SARIF Multitool
command: 'validate core/target/test-reports/Report.sarif'
- name: Archive IT test logs
id: archive-logs
if: always()
uses: actions/upload-artifact@v4
with:
name: it-test-logs
retention-days: 7
path: maven/target/it/**/build.log
- name: Archive code coverage results
id: archive-coverage
uses: actions/upload-artifact@v4
with:
name: code-coverage-report
retention-days: 7
path: |
**/target/jacoco-results/jacoco.xml
**/target/jacoco-results/**/*.html
- name: Archive Snapshot
id: archive-snapshot
uses: actions/upload-artifact@v4
with:
name: archive-snapshot
retention-days: 7
path: |
**/target/*.asc
**/target/*.jar
**/target/*.pom
ant/target/*.zip
cli/target/*.zip
publish_coverage:
name: publish code coverage reports
runs-on: ubuntu-latest
needs: build
steps:
- name: Download coverage reports
uses: actions/download-artifact@v4
with:
name: code-coverage-report
- name: Run codacy-coverage-reporter
uses: codacy/codacy-coverage-reporter-action@master
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml
docker:
permissions:
contents: read # to fetch code (actions/checkout)
name: Build and Test Docker
runs-on: ubuntu-latest
needs: build
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Download release build
uses: actions/download-artifact@v4
with:
name: archive-snapshot
- name: Build Docker Image
run: ./build-docker.sh
- name: build scan target
run: mvn -V -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
- name: Test Docker Image
run: ./test-docker.sh