From c4aad4cb2eef95a1beebda1c5c28e540e16ffaab Mon Sep 17 00:00:00 2001
From: viral32111 <19510403+viral32111@users.noreply.github.com>
Date: Wed, 26 Jul 2023 18:21:14 +0100
Subject: [PATCH] Setup Dependabot & CI/CodeQL workflows
---
.github/dependabot.yml | 14 +++++++
.github/workflows/ci.yml | 73 ++++++++++++++++++++++++++++++++++++
.github/workflows/codeql.yml | 47 +++++++++++++++++++++++
3 files changed, 134 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5ffeebd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+
+ # Workflows
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+
+ # Project
+ - package-ecosystem: gradle
+ directory: /
+ schedule:
+ interval: monthly
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..62cdcf1
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,73 @@
+name: CI
+
+on:
+ push:
+ paths:
+ - 'gradle/**'
+ - 'gradle*'
+ - 'src/**'
+ - '*.gradle.kts'
+ - 'gradle.properties'
+ - '.github/workflows/ci.yml'
+ branches:
+ - '**'
+ tags:
+ - '*.*.*'
+ workflow_dispatch:
+
+env:
+ ARTIFACT_NAME: library
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-22.04
+ permissions:
+ contents: read
+ packages: read
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v3
+
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: temurin
+
+ - name: Build project
+ uses: gradle/gradle-build-action@v2
+ env:
+ GHPKG_USER: ${{ github.repository_owner }}
+ GHPKG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ arguments: build
+ cache-disabled: true
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ env.ARTIFACT_NAME }}
+ path: ./build/libs/*.jar
+
+ release:
+ name: Release
+ runs-on: ubuntu-22.04
+ needs: build
+ if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
+ permissions:
+ contents: write
+ steps:
+ - name: Download build artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: ${{ env.ARTIFACT_NAME }}
+ path: ./artifact/
+
+ - name: Create draft release
+ uses: softprops/action-gh-release@v1
+ with:
+ draft: true
+ tag_name: ${{ github.ref_name }}
+ files: ./artifact/*.jar
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..70efe13
--- /dev/null
+++ b/.github/workflows/codeql.yml
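Review bot: The `release` job in ci.yml grants `contents: write` and then runs `softprops/action-gh-release@v1`, a third-party action referenced by a mutable tag, so a retargeted tag would execute with a token able to modify releases and repository contents. Pin it to a full commit SHA, for example `uses: softprops/action-gh-release@<full-commit-sha> # v1` (placeholder; take the SHA from the action's release page). The same applies to `gradle/gradle-build-action@v2` in `build`, which receives `GHPKG_TOKEN`. The `github-actions` Dependabot entry added in this commit can keep SHA pins current. If the repository ships a Gradle wrapper (the `gradle*` path filter suggests it does), a wrapper-validation step before `Build project` would also be worth adding.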
@@ -0,0 +1,47 @@
+name: CodeQL
+
+on:
+ push:
+ paths:
+ - '**'
+ branches:
+ - '**'
+ schedule:
+ - cron: '0 0 * * 0'
+
+jobs:
+ codeql:
+ name: CodeQL
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ packages: read
+ security-events: write
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v3
+
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: temurin
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: java
+ tools: latest
+
+ - name: Build project
+ uses: gradle/gradle-build-action@v2
+ env:
+ GHPKG_USER: ${{ github.repository_owner }}
+ GHPKG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ arguments: build
+ cache-disabled: true
+
+ - name: Perform CodeQL analysis
+ uses: github/codeql-action/analyze@v2
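Review bot: The `on:` block has no `pull_request` trigger, so code is analysed only after it has been pushed to a branch of this repository; pull requests from forks would reach review without a CodeQL result. It also means the branches Dependabot opens (configured in this same commit) are scanned under `push`, where GitHub restricts the token for Dependabot-triggered runs, so the `security-events: write` upload may fail there; this is worth confirming on the first Dependabot update. Adding `pull_request:` under `on:` covers both cases. Separately, `paths: - '**'` matches every file and can be dropped, and `runs-on: ubuntu-latest` differs from the `ubuntu-22.04` pin used in ci.yml.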