This repository has been archived by the owner on Mar 4, 2024. It is now read-only.
chore(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.1.2 to 3.2.2 #270
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Automation | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| paths-ignore: | |
| - "**.md" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| pr-validation: | |
| name: Pull Request Validation | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Pull request size and stability labels | |
| uses: actions/labeler@v4 | |
| continue-on-error: true | |
| with: | |
| repo-token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Conventional Label | |
| uses: bcoe/conventional-release-labels@v1 | |
| continue-on-error: true | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ignored_types: '["chore","pr"]' | |
| type_labels: '{"feat": "feature", "fix": "fix", "bug": "fix", "doc": "documentation", "ci": "ci", "chore": "chore", "breaking": "breaking", "BREAKING CHANGE": "breaking"}' | |
| - name: Checkout branch | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: refs/heads/${{ github.head_ref }} | |
| - name: Conventional Changelog Update | |
| continue-on-error: true | |
| uses: TriPSs/conventional-changelog-action@v3 | |
| id: changelog | |
| with: | |
| github-token: ${{ github.token }} | |
| output-file: 'CHANGELOG.md' | |
| skip-version-file: 'true' | |
| skip-commit: 'true' | |
| git-push: 'false' | |
| git-branch: refs/heads/${{ github.head_ref }} | |
| - name: Checkout pr | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Comment PR | |
| continue-on-error: true | |
| uses: thollander/actions-comment-pull-request@v2 | |
| if: ${{ steps.changelog.outputs.skipped == 'false' }} | |
| with: | |
| message: | | |
| # Current changelog | |
| ${{ steps.changelog.outputs.clean_changelog }} | |
| _(execution **${{ github.run_id }}** / attempt **${{ github.run_attempt }}**)_ | |
| comment_tag: execution | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| code-check: | |
| name: Code check | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - pr-validation | |
| permissions: | |
| security-events: write | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Cache Maven | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven-test- | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| cache: "maven" | |
| - name: Code Coverage | |
| run: mvn -B clean verify -P all-tests --file pom.xml | |
| - name: Add coverage to PR | |
| id: jacoco | |
| uses: madrapps/[email protected] | |
| with: | |
| paths: target/coverage-reports/merged-test-report/jacoco.xml | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| min-coverage-overall: 70 | |
| min-coverage-changed-files: 70 | |
| - name: Publish Test Report | |
| uses: mikepenz/action-junit-report@v3 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| report_paths: 'target/**/TEST-*.xml' | |
| - name: Generate JaCoCo Badge | |
| uses: cicirello/jacoco-badge-generator@v2 | |
| with: | |
| generate-branches-badge: true | |
| jacoco-csv-file: target/coverage-reports/merged-test-report/jacoco.csv | |
| - name: Log coverage percentage | |
| run: | | |
| echo "coverage = ${{ steps.jacoco.outputs.coverage }}" | |
| echo "branch coverage = ${{ steps.jacoco.outputs.branches }}" | |
| - name: Upload JaCoCo coverage report | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: jacoco-report | |
| path: target/coverage-reports/merged-test-report/ | |
| - name: Qualitygate | |
| run: mvn -B clean verify -P all-tests package sonar:sonar -Dsonar.projectKey=paulushcgcj_simple-webflux -Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml --file pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| trivy: | |
| name: Repository Report | |
| if: github.event_name != 'pull_request' || !github.event.pull_request.draft | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write | |
| contents: read | |
| pull-requests: write | |
| needs: | |
| - pr-validation | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Run Trivy vulnerability scanner in repo mode | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: "fs" | |
| format: "sarif" | |
| output: "trivy-results.sarif" | |
| ignore-unfixed: true | |
| severity: "CRITICAL,HIGH" | |
| scanners: "vuln,secret,config" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| security: | |
| name: Security checks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| contents: read | |
| pull-requests: write | |
| needs: | |
| - pr-validation | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Cache Maven | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven-test- | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| cache: "maven" | |
| - name: Code Compilation | |
| run: mvn -B clean compile --file pom.xml | |
| - name: Run Snyk to check for vulnerabilities | |
| uses: snyk/actions/maven@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| args: --severity-threshold=high --sarif-file-output=snyk.sarif | |
| vulnerability: | |
| name: Vulnerability checks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| contents: read | |
| pull-requests: write | |
| needs: | |
| - code-check | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Cache Maven | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-maven-test- | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: java | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| cache: "maven" | |
| - name: Code Compilation | |
| run: mvn -B clean compile --file pom.xml | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 |