build(deps): bump amannn/action-semantic-pull-request from 5.4.0 to 5… #1310
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy Snapshot | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.txt' | |
| permissions: {} | |
| jobs: | |
| build: | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| name: Build dependency-check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install gpg secret key | |
| id: install-gpg-key | |
| run: | | |
| cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import | |
| gpg --list-secret-keys --keyid-format LONG | |
| - uses: actions/checkout@v4 | |
| - name: Check Maven Cache | |
| id: maven-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Check Local Maven Cache | |
| id: maven-it-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: maven/target/local-repo | |
| key: mvn-it-repo | |
| - name: Check ODC Data Cache | |
| id: odc-data-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: core/target/data | |
| key: odc-data | |
| - uses: actions/setup-dotnet@v4.0.0 | |
| with: | |
| dotnet-version: '6.0.x' | |
| - name: Set up JDK 1.8 | |
| id: jdk-8 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 8 | |
| distribution: 'zulu' | |
| server-id: ossrh | |
| server-username: ${{ secrets.OSSRH_USERNAME }} | |
| server-password: ${{ secrets.OSSRH_TOKEN }} | |
| - uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 | |
| with: | |
| version: 6.0.2 | |
| - name: Build Snapshot with Maven | |
| id: build-snapshot | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
| MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
| NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
| run: mvn -V -s settings.xml -Prelease clean package verify source:jar javadoc:jar gpg:sign deploy -DreleaseTesting --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} | |
| - name: SARIF Multitool | |
| uses: microsoft/sarif-actions@v0.1 | |
| with: | |
| # Command to be sent to SARIF Multitool | |
| command: 'validate core/target/test-reports/Report.sarif' | |
| - name: Archive IT test logs | |
| id: archive-logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: it-test-logs | |
| retention-days: 7 | |
| path: maven/target/it/**/build.log | |
| - name: Archive code coverage results | |
| id: archive-coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-coverage-report | |
| retention-days: 7 | |
| path: | | |
| **/target/jacoco-results/jacoco.xml | |
| **/target/jacoco-results/**/*.html | |
| - name: Archive Snapshot | |
| id: archive-snapshot | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: archive-snapshot | |
| retention-days: 7 | |
| path: | | |
| **/target/*.asc | |
| **/target/*.jar | |
| **/target/*.pom | |
| ant/target/*.zip | |
| cli/target/*.zip | |
| publish_coverage: | |
| name: publish code coverage reports | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Download coverage reports | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: code-coverage-report | |
| - name: Run codacy-coverage-reporter | |
| uses: codacy/codacy-coverage-reporter-action@master | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml | |
| docker: | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| name: Build and Test Docker | |
| runs-on: ubuntu-latest | |
| needs: build | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Check Maven Cache | |
| id: maven-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Download release build | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: archive-snapshot | |
| - name: Build Docker Image | |
| run: ./build-docker.sh | |
| - name: build scan target | |
| run: mvn -V -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode | |
| - name: Test Docker Image | |
| run: ./test-docker.sh |