Bump org.codehaus.mojo:license-maven-plugin from 2.4.0 to 2.5.0 #405
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Maven | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Test with Java ${{ matrix.jdk }} | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| # contents: read # for actions/checkout to fetch code | |
| # security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | |
| pull-requests: write # for JaCoCo report being attached to PR | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| jdk: ['8', '11', '17', '21', '23'] | |
| vendor: ['temurin'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK ${{ matrix.jdk }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: ${{ matrix.vendor }} | |
| java-version: ${{ matrix.jdk }} | |
| cache: 'maven' | |
| - name: Maven Package | |
| run: mvn package | |
| - name: Maven Verify | |
| run: mvn -B verify spotbugs:check jacoco:report | |
| - name: Add coverage to PR | |
| id: jacoco | |
| uses: madrapps/[email protected] | |
| if: ${{ matrix.jdk == '11' }} | |
| with: | |
| paths: | | |
| ${{ github.workspace }}/**/target/surefire-reports/TEST-*.xml | |
| ${{ github.workspace }}/aggregate-report/target/site/jacoco-aggregate/jacoco.xml | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| min-coverage-overall: 70 | |
| min-coverage-changed-files: 75 | |
| - name: Upload JaCoCo Coverage | |
| if: ${{ matrix.jdk == '11' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: jacoco.html | |
| path: ${{ github.workspace }}/aggregate-report/target/site/jacoco-aggregate/index.html | |
| overwrite: true | |
| - name: JaCoCo Coverage | |
| if: ${{ matrix.jdk == '11' && steps.jacoco.outputs.coverage-overall != '' }} | |
| run: | | |
| echo "Total coverage ${{ steps.jacoco.outputs.coverage-overall }}" | |
| echo "Changed Files coverage ${{ steps.jacoco.outputs.coverage-changed-files }}" | |
| # - name: Fail PR if overall coverage is less than 80% | |
| # if: ${{ steps.jacoco.outputs.coverage-overall < 80.0 }} | |
| # uses: actions/github-script@v6 | |
| # with: | |
| # script: | | |
| # core.setFailed('Overall coverage is less than 80%!') | |
| analysis: | |
| name: Static Analysis | |
| needs: build | |
| continue-on-error: false | |
| if: ${{ needs.build.result == 'success' && github.ref == 'refs/heads/main' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # for actions/checkout to fetch code | |
| pull-requests: write # for attached results to PR | |
| checks: write | |
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit | |
| fetch-depth: 0 # a full history is required for pull request analysis | |
| ## latest Sonar requires Java 17 or higher | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 17 | |
| cache: maven | |
| - name: Setup Cache for SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| ## todo: use same artifacts from the build job | |
| ## Automatic Analysis is turned off on sonarcloud.io | |
| - name: Maven JaCoCo report & Sonar | |
| run: mvn -B install jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=barcode4j | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| - name: Copy aggregate JaCoCo Report (for Qodana) | |
| shell: bash | |
| run: | | |
| ls -lha aggregate-report/target/site/jacoco-aggregate/ | |
| mkdir -p .qodana/code-coverage/ | |
| cp -r aggregate-report/target/site/jacoco-aggregate/jacoco.xml .qodana/code-coverage/ | |
| # potentially Qodana could be its own workflow (recommended in the docs) | |
| - name: Qodana Scan | |
| uses: JetBrains/[email protected] | |
| with: | |
| args: --baseline,qodana.sarif.json | |
| fail-threshold: 100 | |
| env: | |
| QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }} | |
| - name: Upload Qodana report to GitHub code scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json | |
| # # This step creates the Checkmarx One scan | |
| # - name: Checkmarx One scan | |
| # uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc | |
| # with: | |
| # base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One | |
| # cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e | |
| # cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e | |
| # cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One | |
| # additional_params: --report-format sarif --output-path . | |
| # - name: Upload SARIF file | |
| # uses: github/codeql-action/upload-sarif@v3 | |
| # with: | |
| # # Path to SARIF file relative to the root of the repository | |
| # sarif_file: cx_result.sarif | |
| # deploy: | |
| # name: Deploy Artifact | |
| # needs: build | |
| # continue-on-error: true | |
| # if: ${{ needs.build.result == 'success' && github.ref == 'refs/heads/main' }} | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - name: Set up JDK 7 | |
| # uses: actions/setup-java@v4 | |
| # with: | |
| # distribution: zulu | |
| # java-version: 7 | |
| # cache: maven | |
| # #server-id: github | |
| # server-id: ossrh | |
| # server-username: MAVEN_USERNAME | |
| # server-password: MAVEN_PASSWORD | |
| # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import | |
| # gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase | |
| # - name: Maven Deploy (GitHub Packages) | |
| # run: mvn deploy -Prelease,githubPackages -DskipTests=true | |
| # with: | |
| # server-id: github | |
| # env: | |
| # GITHUB_TOKEN: ${{ github.token }} | |
| # - name: Maven Deploy (Maven Central) | |
| # run: mvn deploy -Prelease -DskipTests=true | |
| # env: | |
| # MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
| # MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | |
| # MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} |