build(deps): bump org.codehaus.mojo:extra-enforcer-rules from 1.11.0 … #1955
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy Snapshot | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '*.md' # Ignore only in root; we generally want to run build for `site/` changes | |
| - '**/README.md' # Ignore all READMEs | |
| - '.github/**/*.md' # Ignore github config | |
| permissions: {} | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc | |
| jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using | |
| fail-fast: false | |
| name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }}) | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install gpg secret key | |
| if: matrix.jdk_test_version == matrix.jdk_default_version && github.repository_owner == 'dependency-check' | |
| id: install-gpg-key | |
| run: | | |
| cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import | |
| gpg --list-secret-keys --keyid-format LONG | |
| - uses: actions/checkout@v6 | |
| - name: Maven Integration Test Cache | |
| id: maven-it-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: maven/target/local-repo | |
| key: mvn-it-repo | |
| - name: Check ODC Data Cache | |
| id: odc-data-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: core/target/data | |
| key: odc-data | |
| - uses: actions/[email protected] | |
| with: | |
| dotnet-version: '8.0.x' | |
| - name: Set up JDKs | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: | # last version takes precedence as default | |
| ${{ matrix.jdk_test_version }} | |
| ${{ matrix.jdk_default_version }} | |
| distribution: 'zulu' | |
| check-latest: true | |
| cache: 'maven' | |
| cache-dependency-path: '**/pom.xml' | |
| server-id: central | |
| server-username: ${{ secrets.CENTRAL_USER }} | |
| server-password: ${{ secrets.CENTRAL_PASSWORD }} | |
| - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0 | |
| with: | |
| version: 6.0.2 | |
| - name: Build/Test Snapshot with Maven${{ steps.install-gpg-key.outcome == 'success' && ' (then Deploy)' || '' }} | |
| id: build-snapshot | |
| env: | |
| MAVEN_USERNAME: ${{ secrets.CENTRAL_USER }} | |
| MAVEN_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }} | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSWORD }} | |
| NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
| run: > | |
| mvn -V -s settings.xml | |
| clean verify -PFullIntegrationTesting | |
| -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64" | |
| ${{ matrix.jdk_test_version == matrix.jdk_default_version && 'source:jar javadoc:jar site' || '' }} | |
| ${{ steps.install-gpg-key.outcome == 'success' && '-Prelease gpg:sign deploy' || '' }} | |
| --no-transfer-progress --batch-mode -Dstyle.color=always | |
| - name: SARIF Multitool | |
| uses: microsoft/[email protected] | |
| with: | |
| # Command to be sent to SARIF Multitool | |
| command: 'validate core/target/test-reports/Report.sarif' | |
| - name: Archive IT test logs | |
| id: archive-logs | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: it-test-logs-jdk-${{ matrix.jdk_test_version }} | |
| retention-days: 7 | |
| path: maven/target/it/**/build.log | |
| - name: Archive code coverage results | |
| if: matrix.jdk_test_version == matrix.jdk_default_version | |
| id: archive-coverage | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: code-coverage-report | |
| retention-days: 7 | |
| path: | | |
| **/target/jacoco-results/jacoco.xml | |
| **/target/jacoco-results/**/*.html | |
| - name: Archive Snapshot | |
| if: matrix.jdk_test_version == matrix.jdk_default_version | |
| id: archive-snapshot | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: archive-snapshot | |
| retention-days: 7 | |
| path: | | |
| **/target/*.asc | |
| **/target/*.jar | |
| **/target/*.pom | |
| ant/target/*.zip | |
| cli/target/*.zip | |
| docker: | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| name: Build and Test Docker | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '25' | |
| distribution: 'zulu' | |
| check-latest: true | |
| cache: 'maven' | |
| cache-dependency-path: '**/pom.xml' | |
| - name: Download release build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: archive-snapshot | |
| - name: Set up Docker | |
| uses: docker/setup-docker-action@v5 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Build Docker Image | |
| run: ./docker-build.sh | |
| - name: build scan target | |
| run: > | |
| mvn -V -s settings.xml -pl cli -am | |
| package -DskipTests=true | |
| --no-transfer-progress --batch-mode -Dstyle.color=always | |
| - name: Test Docker Image | |
| run: ./docker-test.sh |