Skip to content
This repository has been archived by the owner on Mar 4, 2024. It is now read-only.
Merge to Main

chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin #50

Sign in to view logs

chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin

chore(deps): bump org.cyclonedx:cyclonedx-maven-plugin #50

Workflow file for this run

.github/workflows/merge-main.yml at 81e35d7
name: Merge to Main
on:
push:
branches:
- main
paths-ignore:
- "**.md"
workflow_dispatch:
jobs:
codeql:
name: Semantic Code Analysis
runs-on: ubuntu-22.04
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize
uses: github/codeql-action/init@v2
with:
languages: java
- name: Set up JDK 17 and Caching maven dependencies
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
cache: "maven"
- name: Build for Java
run: mvn -B clean package --file pom.xml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
sonarcloud:
name: Static Analysis
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Cache Maven
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-test-
- name: Cache SonarCloud packages
uses: actions/cache@v2
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
distribution: "temurin"
java-version: "17"
cache: "maven"
- name: Qualitygate
run: mvn -B clean verify -P all-tests package sonar:sonar -Dsonar.projectKey=paulushcgcj_simple-webflux -Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml --file pom.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
trivy-repo:
name: Repository Report
needs:
- codeql
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/[email protected]
with:
scan-type: "fs"
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
severity: "CRITICAL,HIGH"
scanners: "vuln,secret,config"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write
discussions: write
needs:
- codeql
- sonarcloud
- trivy-repo
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Cache Maven
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-maven-test-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven-test-
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
distribution: "temurin"
java-version: "17"
cache: "maven"
- name: Conventional Changelog Update
uses: TriPSs/conventional-changelog-action@v3
id: changelog
with:
github-token: ${{ secrets.PAT }}
output-file: 'CHANGELOG.md'
skip-version-file: 'true'
skip-commit: 'true'
git-push: 'true'
- name: Create Release
uses: softprops/action-gh-release@v1
if: ${{ steps.changelog.outputs.tag != '' }}
env:
GITHUB_TOKEN: ${{ github.token }}
with:
token: ${{ secrets.PAT }}
tag_name: ${{ steps.changelog.outputs.tag }}
name: ${{ steps.changelog.outputs.tag }}
body: ${{ steps.changelog.outputs.clean_changelog }}