Skip to content
Java CI

Merge pull request #330 from red6/dependabot/github_actions/github/co… #1071

Sign in to view logs

Merge pull request #330 from red6/dependabot/github_actions/github/co…

Merge pull request #330 from red6/dependabot/github_actions/github/co… #1071

Workflow file for this run

.github/workflows/build.yml at 2aa1e1d
name: Java CI
on:
push:
branches:
- master
- 'release/*'
pull_request:
types: [ opened, synchronize, reopened ]
pull_request_target:
types: [ opened, synchronize, reopened ]
jobs:
build-dmn-check:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- name: Checkout
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting
- name: Checkout PR
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: '17'
distribution: 'adopt'
cache: maven
- name: Build with Maven
run: mvn clean install -P checkerframework
sonarcloud:
runs-on: ubuntu-latest
# If the PR is coming from a fork (pull_request_target), ensure it's opened by "dependabot[bot]".
# Otherwise, clone it normally.
if: |
(github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') ||
(github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]')
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
allowed-endpoints: sonarcloud.io:443
- name: Checkout
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Checkout PR
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: '17'
distribution: 'adopt'
- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B verify jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=red6_dmn-check
build-gradle-plugin:
runs-on: ubuntu-latest
needs: build-dmn-check
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- name: Checkout
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting
- name: Checkout PR
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
java-version: '17'
distribution: 'adopt'
cache: maven
- name: Build with Gradle
run: cd gradle-plugin && ./gradlew build