renovatebot(deps): update node.js to v23.6.1 #6414
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Analysis | |
env: | |
JAVA_OPTS: "-Xms512m -Xmx6048m -Xss128m -XX:ReservedCodeCacheSize=512m -server" | |
GRADLE_OPTS: "-Xms512m -Xmx6048m -Xss128m -XX:ReservedCodeCacheSize=512m -server" | |
GRADLE_BUILD_OPTIONS: "--no-daemon -x check -x test -x javadoc --configure-on-demand --max-workers=8 --no-configuration-cache -DskipAot=true" | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# GRADLE_BUILDCACHE_USER: ci | |
# GRADLE_BUILDCACHE_PSW: ${{ secrets.GRADLE_BUILDCACHE_PSW }} | |
GH_PACKAGE_REGISTRY_USER: ${{ secrets.GH_PACKAGE_REGISTRY_USER }} | |
GH_PACKAGE_REGISTRY_TOKEN: ${{ secrets.GH_PACKAGE_REGISTRY_TOKEN }} | |
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} | |
TERM: xterm-256color | |
JDK_CURRENT: 21 | |
JDK_DISTRIBUTION: "corretto" | |
########################################################################## | |
concurrency: | |
group: "workflow = ${{ github.workflow }}, ref = ${{ github.event.ref }}, pr = ${{ github.event.pull_request.id }}" | |
cancel-in-progress: ${{ github.event_name == 'pull_request' || github.repository != 'apereo/cas' }} | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
- '!**.**.**' | |
- '!heroku-*' | |
pull_request: | |
types: [ labeled ] | |
branches: [ master, pr-* ] | |
########################################################################## | |
jobs: | |
trigger-ci: | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'CI')) }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Trigger CI | |
run: echo "CI Triggered" | |
initialize: | |
needs: [trigger-ci] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JDK_CURRENT }} | |
distribution: ${{ env.JDK_DISTRIBUTION }} | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Initialize | |
run: ls ./ci && find ./ci -type f -name "*.sh" -exec chmod +x "{}" \; && ./ci/init-build.sh | |
########################################################################## | |
static-analysis: | |
runs-on: ubuntu-latest | |
needs: [initialize] | |
continue-on-error: false | |
strategy: | |
matrix: | |
category: | |
- checkstyleMain | |
- checkstyleTest | |
name: Code Style ${{ matrix.category }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JDK_CURRENT }} | |
distribution: ${{ env.JDK_DISTRIBUTION }} | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Initialize | |
run: find ./ci -type f -name "*.sh" -exec chmod +x "{}" \; && ./ci/init-build.sh | |
- name: Run Analysis | |
run: ./gradlew --build-cache --no-watch-fs --configure-on-demand --parallel --no-daemon ${{ matrix.category }} -x test -x javadoc -DskipNestedConfigMetadataGen=true -Dverbose=true --max-workers=8 | |
########################################################################## | |
codeql-analysis: | |
name: CodeQL Analysis | |
runs-on: ubuntu-latest | |
needs: [ initialize ] | |
continue-on-error: true | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JDK_CURRENT }} | |
distribution: ${{ env.JDK_DISTRIBUTION }} | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
with: | |
develocity-access-key: ${{ env.DEVELOCITY_ACCESS_KEY }} | |
develocity-token-expiry: 4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: java | |
queries: security-and-quality | |
- name: Build | |
run: ./gradlew build ${{ env.GRADLE_BUILD_OPTIONS }} | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
########################################################################## | |
validate-codebase: | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.head_ref, 'renovate') }} | |
needs: [initialize] | |
continue-on-error: false | |
strategy: | |
fail-fast: false | |
matrix: | |
check: | |
- CheckAsyncAnnotationInInterface | |
- CheckDuplicateGradleConfiguration | |
- CheckFunctionalConditionUsage | |
- CheckDuplicateTestConfiguration | |
- CheckMissingUtilityClassAnnotation | |
- CheckRedundantTestConfigurationInheritance | |
- CheckSpringConfigurationBeanProxying | |
- CheckSpringConfigurationFactories | |
- CheckMissingTestTagAnnotation | |
- CheckEnforceLombokAnnotations | |
- CheckImportAutoConfiguration | |
- CheckRequiredModuleAnnotationReferences | |
- CheckMixingSpringBeanWithDependencyInjection | |
- CheckMissingPuppeteerConfig | |
- CheckSpringConfigurationConditionals | |
- CheckMissingConditionalOnFeature | |
- CheckPuppeteerScenarioScriptConfiguration | |
- CheckMissingConditionalOnMissingBean | |
- CheckNativeRuntimeHints | |
name: ${{ matrix.check }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ env.JDK_CURRENT }} | |
distribution: ${{ env.JDK_DISTRIBUTION }} | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Initialize | |
run: find ./ci -type f -name "*.sh" -exec chmod +x "{}" \; && ./ci/init-build.sh | |
- name: Validate Codebase | |
run: java ./ci/checks/${{ matrix.check }}.java . | |
########################################################################## |