Skip to content

chore(deps): bump github/codeql-action from 2.22.6 to 3.24.0 #253

chore(deps): bump github/codeql-action from 2.22.6 to 3.24.0

chore(deps): bump github/codeql-action from 2.22.6 to 3.24.0 #253

Workflow file for this run

---
#
# Copyright (c) 2023 T-Systems International GmbH
# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#
name: "Build"
on:
# Runs automatically on main and release branches
push:
branches:
- main
- 'release/*'
# Can be scheduled on all branches and version tags
tags:
- 'v*.*.*'
- 'v*.*.*-*'
# Runs automatically on all code-related PRs to main and release branches
pull_request:
branches:
- main
- 'release/*'
paths-ignore:
- 'charts/**'
- 'docs/**'
- '**/*.md'
# Manual workflow trigger
workflow_dispatch:
inputs:
deploy_maven:
description: 'whether maven packages should be deployed (default: false)'
default: 'false'
required: false
type: string
deploy_docker:
description: 'whether docker images should be deployed (default: true)'
default: 'true'
required: false
type: string
# If build is triggered several times, e.g., through subsequent pushes
# into the same PR, cancel the previous runs, see below
concurrency:
# cancel only running jobs on pull requests
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
# Actual build/deploy logic
jobs:
# Build maven and docker stuff
build:
name: Build/Deploy Maven & Docker Artifacts
runs-on: ubuntu-latest
permissions: write-all
strategy:
fail-fast: false
steps:
# Determine the right target docker repo
- name: Check github repository and set docker repo
id: set-docker-repo
run: |
echo "REGISTRY=docker.io" >> $GITHUB_OUTPUT;
echo "REPO=tractusx" >> $GITHUB_OUTPUT;
if [ "${{ github.repository }}" != "eclipse-tractusx/knowledge-agents-edc" ];
then
echo "REGISTRY=ghcr.io" >> $GITHUB_OUTPUT
echo "REPO=ghcr.io/${{ github.repository }}" >> $GITHUB_OUTPUT
fi
exit 0
# Get the Code
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
# Setup build environment
- uses: ./.github/actions/setup-java
# Enable deployment access (on demand or main branch and version tags only)
- name: Login to GitHub Container Registry
if: ${{ ( github.event.inputs.deploy_docker == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') ) }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ steps.set-docker-repo.outputs.REGISTRY }}
# Use existing DockerHub credentials present as secrets
username: ${{ secrets.DOCKER_HUB_USER || github.actor }}
password: ${{ secrets.DOCKER_HUB_TOKEN || secrets.GITHUB_TOKEN }}
# Run Maven Deploy (on demand or if either running on main or a version tag)
- name: Deploy Java via Maven
if: ${{ ( github.event.inputs.deploy_maven == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') ) }}
run: |
./mvnw -s settings.xml deploy -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/${{ github.repository }}
env:
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Run Maven Install (otherwise)
- name: Build Java via Maven
if: ${{ ( github.event.inputs.deploy_maven != 'true' && github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/v') ) }}
run: |
./mvnw -s settings.xml install
env:
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Create SemVer or ref tags dependent of trigger event
- name: Docker Meta Agent Plane Hashicorp
id: meta-hash
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
with:
images: |
${{ steps.set-docker-repo.outputs.REPO }}/agentplane-hashicorp
# Automatically prepare image tags; See action docs for more examples.
# semver patter will generate tags like these for example :1 :1.2 :1.2.3
tags: |
type=sha,event=branch
type=sha,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=1.11.16-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
- name: Agent Plane Hashicorp Container Build and push
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: agent-plane/agentplane-hashicorp
file: agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile
# Build image for verification purposes on every trigger event. Only push if event is not a PR
push: ${{ ( github.event.inputs.deploy_docker == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') ) }}
tags: ${{ steps.meta-hash.outputs.tags }}
labels: ${{ steps.meta-hash.outputs.labels }}
# Important step to push image description to DockerHub - since this is version independent, we always take it from main
- name: Update Docker Hub description for Agent Plane Hashicorp
if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }}
uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
with:
readme-filepath: agent-plane/agentplane-hashicorp/README.md
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
repository: ${{ steps.set-docker-repo.outputs.REPO }}/agentplane-hashicorp
# Create SemVer or ref tags dependent of trigger event
- name: Docker Meta Agent Plane Azure Vault
id: meta-azr
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
with:
images: |
${{ steps.set-docker-repo.outputs.REPO }}/agentplane-azure-vault
# Automatically prepare image tags; See action docs for more examples.
# semver patter will generate tags like these for example :1 :1.2 :1.2.3
tags: |
type=sha,event=branch
type=sha,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=1.11.16-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
- name: Agent Plane Azure Vault Container Build and push
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: agent-plane/agentplane-azure-vault/.
file: agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile
# Build image for verification purposes on every trigger event. Only push if event is not a PR
push: ${{ ( github.event.inputs.deploy_docker == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') ) }}
tags: ${{ steps.meta-azr.outputs.tags }}
labels: ${{ steps.meta-azr.outputs.labels }}
# Important step to push image description to DockerHub - since this is version independent, we always take it from main
- name: Update Docker Hub description for Agent Plane Azure Vault
if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }}
uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2
with:
readme-filepath: agent-plane/agentplane-azure-vault/README.md
username: ${{ secrets.DOCKER_HUB_USER || github.actor }}
password: ${{ secrets.DOCKER_HUB_TOKEN || secrets.GITHUB_TOKEN }}
repository: ${{ steps.set-docker-repo.outputs.REPO }}/agentplane-azure-vault