Merge tag 'v2.0.0'

[maven-release-plugin] copy for tag v2.0.0

.github/workflows/build.yml

@@ -3,70 +3,45 @@ on:
     branches:
     - main
     - develop
+    - release-*
   pull_request:
     types: [opened, synchronize, reopened]
     branches:
     - main
     - develop
+    - release-*
   workflow_dispatch:
 name: Build and Test Code
 jobs:
   build-artifacts:
-    name: Build and Test Java Artifacts
+    name: Build Java Artifacts
     runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
       with:
         token: ${{ github.token }}
         submodules: recursive
-        fetch-depth: 0
     # -------------------------
-    # Java JDK 11
-    - name: Set up JDK 11
-      uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.3.0
+    # Java Environment Setup
+    # -------------------------
+    - name: Set up Maven
+      uses: stCarolas/setup-maven@07fbbe97d97ef44336b7382563d66743297e442f
+      with:
+        maven-version: 3.9.3
+    - name: Set up JDK 11 (build only)
+      if: ${{ !((github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref_name == 'develop') }}
+      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
       with:
         java-version: 11
         distribution: 'temurin'
         cache: 'maven'
-    - name: Initialize CodeQL
-      if: github.event_name == 'push'
-      uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.1.12
-      with:
-        languages: java
-    # -------------------------
-    # Maven Build
-    - name: Build and run tests (develop)
-      id: maven-build-develop
-      if: ((github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref_name == 'develop') || (github.event_name == 'pull_request' && github.base_ref == 'develop')
-      run: |
-        mvn -Preporting verify
-    - name: Build and run tests (main)
-      if: steps.maven-build-develop.conclusion == 'skipped'
-      run: |
-        mvn -Prelease -Preporting verify
-    - name: Perform CodeQL Analysis
-      if: github.event_name == 'push'
-      uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.1.12
-  deploy-snapshot:
-    name: Deploy SNAPSHOT Release
-    if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref_name == 'develop'
-    needs: build-artifacts
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-    steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
-      with:
-        token: ${{ github.token }}
-        submodules: recursive
-    # -------------------------
-    # Java JDK 11
-    - name: Set up JDK 11
-      uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.3.0
+    - name: Set up JDK 11 (deploy)
+      if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref_name == 'develop'
+      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
       with:
         java-version: 11
         distribution: 'temurin'
@@ -76,13 +51,30 @@ jobs:
         server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
         gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
         gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+    - name: Initialize CodeQL
+      if: github.event_name == 'push'
+      uses: github/codeql-action/init@46ed16ded91731b2df79a2893d3aea8e9f03b5c4
+      with:
+        languages: java
     # -------------------------
-    # Maven Deploy
+    # Maven Build
     # -------------------------
-    - name: Deploy Maven Artifact SNAPSHOTs
+    - name: Build and Test Code
+      if: ${{ !((github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref_name == 'develop') }}
+      run: |
+        mvn -B -e -Prelease -Preporting install
+    - name: Build, Test and DEPLOY SNAPSHOT Code
+      if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref_name == 'develop'
       run: |
-        mvn -Pgpg -Preporting deploy
+        mvn -B -e -Pgpg -Prelease -Preporting deploy -Dmaven.deploy.skip=releases
       env:
         MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
         MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_PASSWORD }}
         MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+    - name: Perform CodeQL Analysis
+      if: github.event_name == 'push'
+      uses: github/codeql-action/analyze@46ed16ded91731b2df79a2893d3aea8e9f03b5c4
+    - name: Test Website
+      run: |
+        # this needs to be run as a second build to ensure source is fully generated by the previous step
+        mvn -B -e -Prelease -Preporting install site site:stage

.github/workflows/release.yml

@@ -2,6 +2,7 @@ on:
   push:
     tags:
     - "v*"
+  workflow_dispatch:
 name: Deploy Tagged Release
 jobs:
   deploy-to-nexus:
@@ -11,44 +12,46 @@ jobs:
       actions: read
       contents: write
     steps:
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.0.2
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
       with:
         token: ${{ github.token }}
         submodules: recursive
-        fetch-depth: 0
     # -------------------------
-    # Java JDK 11
+    # Java
+    # -------------------------
+    - name: Set up Maven
+      uses: stCarolas/setup-maven@07fbbe97d97ef44336b7382563d66743297e442f
+      with:
+        maven-version: 3.9.3
     - name: Set up JDK 11
-      uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.3.0
+      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
       with:
         java-version: 11
         distribution: 'temurin'
         cache: 'maven'
-        settings-path: ${{ github.workspace }}
         server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
         server-username: MAVEN_USERNAME # env variable for username in deploy
         server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
         gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
         gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
     # -------------------------
-    # Maven Site
-    # -------------------------
-#    - name: Build Website
-#      run: |
-#          mvn -Preporting -Prelease package site site:stage
-#      working-directory: ${{ env.REPO_PATH }}
-#    - name: Run deploy script
-#      run: |
-#        touch target/staging/.nojekyll
-#        bash .github/workflows/deploy.sh --push-only -v -m "Deploying website [ci skip]"
-    # -------------------------
     # Maven Deploy
     # -------------------------
     - name: Deploy Maven Artifacts
       run: |
-        mvn -s $GITHUB_WORKSPACE/settings.xml -Pgpg -Prelease -Preporting deploy
+        mvn -B -e -Pgpg -Prelease -Preporting deploy
         # mvn -Pgpg -Prelease nexus-staging:close -DstagingDescription="closing to release"
       env:
         MAVEN_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
         MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_PASSWORD }}
         MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+    # -------------------------
+    # Maven Site
+    # -------------------------
+    - name: Build Website
+      run: |
+        mvn -B -e -Prelease -Preporting install site site:stage
+    - name: Run Website Deploy Script
+      run: |
+        touch target/staging/.nojekyll
+        bash .github/workflows/deploy.sh --push-only -v -m "Deploying website [ci skip]"

.gitignore

@@ -5,6 +5,7 @@
 .factorypath
 .pmd
 .pmdruleset.xml
-/target/
+target/
 pom.xml.releaseBackup
-/release.properties
+release.properties
+.fbExcludeFilterFile

README.md

@@ -70,7 +70,7 @@ Files.createDirectories(outDir);
 serializer.serialize(catalog, outDir.resolve("test-catalog.yaml"));
 ```
 
-The [full code](src/test/java/gov/nist/secauto/oscal/java/ExamplesTest.javasrc/test/java/gov/nist/secauto/oscal/java/ExamplesTest.java) for this example is also available.
+The [full code](src/test/java/gov/nist/secauto/oscal/java/ExamplesTest.java) for this example is also available.
 
 ## Contact us