Skip to content

Bump github/codeql-action from 3.27.2 to 3.27.3 #1837

Bump github/codeql-action from 3.27.2 to 3.27.3

Bump github/codeql-action from 3.27.2 to 3.27.3 #1837

Workflow file for this run

---
# Copyright 2016-present Thomas Leplus
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This workflow will build a Java project with Maven
# For more information see:
# https://help.github.com/actions/language-and-framework-guides
# /building-and-testing-java-with-maven
name: Maven
on:
push:
pull_request:
schedule:
- cron: "0 0 * * 0"
workflow_dispatch:
permissions:
# Read commit contents
contents: read
env:
MAVEN_OPTS: >
-Dhttps.protocols=TLSv1.2
-Dmaven.repo.local=.m2/repository
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
-Dorg.slf4j.simpleLogger.showDateTime=true
-Djava.awt.headless=true
MAVEN_CLI_OPTS: >
--batch-mode
--errors
--fail-at-end
--show-version
-DinstallAtEnd=true
-DdeployAtEnd=true
jobs:
build:
if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
runs-on: ubuntu-latest
strategy:
matrix:
java: [8, 11, 17, 21]
name: Java ${{ matrix.java }}
steps:
- name: Set REPOSITORY
run: echo "REPOSITORY=${GITHUB_REPOSITORY#*/}" >> "${GITHUB_ENV}"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
distribution: temurin
java-version: ${{ matrix.java }}
gpg-private-key: ${{ secrets.OSSRH_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Build with Maven
env:
MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_PASSPHRASE }}
run: |
if [ -z "${MAVEN_GPG_PASSPHRASE}" ]
then
# Forcing dependency check version to a version compatible
# with Java 8 since version does not matter due to
# dependencyCheck.skip=true. But otherwise Maven initialization
# fails with error: "java.lang.TypeNotPresentException:
# Type org.owasp.dependencycheck.maven.CheckMojo not present".
# shellcheck disable=SC2086
./mvnw ${MAVEN_CLI_OPTS} -DdependencyCheck.version=10.0.4 -DdependencyCheck.skip=true -Dgpg.skip=true verify
else
# Forcing dependency check version to a version compatible
# with Java 8 since version does not matter due to
# dependencyCheck.skip=true. But otherwise Maven initialization
# fails with error: "java.lang.TypeNotPresentException:
# Type org.owasp.dependencycheck.maven.CheckMojo not present".
# shellcheck disable=SC2086
./mvnw ${MAVEN_CLI_OPTS} -DdependencyCheck.version=10.0.4 -DdependencyCheck.skip=true verify
fi
- name: Publish site
env:
GITHUB_TOKEN: ${{ github.token }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
if: ${{ matrix.java == 21 && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
run: |
git config --global user.email \
"${GITHUB_REPOSITORY_OWNER}@users.noreply.github.com"
git config --global user.name "${GITHUB_REPOSITORY_OWNER}"
ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null
ssh-add - <<< "${{ secrets.GH_SSH_PRIVATE_KEY }}"
# shellcheck disable=SC2086
./mvnw ${MAVEN_CLI_OPTS} site site:stage
# shellcheck disable=SC2086
./mvnw ${MAVEN_CLI_OPTS} -X scm-publish:publish-scm
- name: Upload artifacts
if: ${{ matrix.java == 8 }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ env.REPOSITORY }}
path: target/
- name: Clean up
run: rm "${HOME}/.m2/settings.xml"