chore(deps): update dependency org.kordamp.maven:pomchecker-maven-plugin to v1.14.0 #322
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request Verification and Security Scan | |
on: | |
pull_request: | |
jobs: | |
verify: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
java: [17] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up Maven Central Repository | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: 'adopt' | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Build, test, verify and send to Sonarcloud | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B -Pcoverage -Djdk.version=${{ matrix.java }} verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
- name: Scan with OWASP | |
if: always() # do not skip this step if Sonarcloud/verify fails the mvn build | |
run: mvn -B -Powasp dependency-check:check | |
- name: Upload scan results as SARIF report to GitHub Security Tab | |
uses: github/codeql-action/upload-sarif@v3 | |
if: always() # do not skip this step if OWASP fails the mvn build | |
with: | |
sarif_file: target/dependency-check-report.sarif |