Bump github/codeql-action from 3.27.0 to 3.27.5 #709
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle | |
name: Build | |
on: | |
push: | |
branches: [ main ] | |
tags: [ "v*.*.*" ] | |
pull_request: | |
branches: [ main ] | |
schedule: | |
- cron: "39 5 1,15 * *" | |
workflow_dispatch: | |
inputs: | |
publish_artifacts: | |
description: "Publish snapshot artifacts: true or false?" | |
default: "true" | |
permissions: | |
contents: read | |
jobs: | |
build_linux: | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 | |
- name: Fetch version history | |
# Do NOT want to fetch all tags if building a specific tag. | |
# Doing so could result in code published with wrong version, if newer tags have been pushed | |
if: (!startsWith(github.ref, 'refs/tags/')) | |
run: git fetch --tag --unshallow | |
- name: Set up JDK | |
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 | |
with: | |
gradle-home-cache-cleanup: true | |
- name: Build | |
env: | |
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
run: ./gradlew build coveralls | |
- name: Upload Checkstyle reports | |
if: failure() | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: checkstyle-reports-linux | |
path: '**/build/reports/checkstyle/*.xml' | |
retention-days: 5 | |
- name: Upload Spotbugs reports | |
if: failure() | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: spotbugs-reports-linux | |
path: '**/build/reports/spotbugs/*.xml' | |
retention-days: 5 | |
- name: Upload Test Results | |
if: failure() | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: test-results-linux | |
path: '**/build/test-results/**/*.xml' | |
retention-days: 5 | |
- name: Publish | |
if: github.event_name == 'push' || github.event.inputs.publish_artifacts == 'true' | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }} | |
ORG_GRADLE_PROJECT_SONA_USERNAME: ${{ secrets.SONA_USERNAME }} | |
ORG_GRADLE_PROJECT_SONA_PASSWORD: ${{ secrets.SONA_PASSWORD }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
./gradlew cV | |
./gradlew publish closeAndReleaseStagingRepository | |
- name: Publish to Gradle Plugins Portal | |
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha') | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }} | |
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | |
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | |
run: | | |
./gradlew -Dgradle.publish.key="$GRADLE_PUBLISH_KEY" -Dgradle.publish.secret="$GRADLE_PUBLISH_SECRET" publishPlugins | |
# Until Creek fully supports Windows, minimal check: | |
build_windows: | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 | |
- name: Set up JDK | |
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 | |
with: | |
gradle-home-cache-cleanup: true | |
- name: Build | |
run: ./gradlew.bat build -PexcludeContainerised | |
- name: Upload Checkstyle reports | |
if: failure() | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: checkstyle-reports-win | |
path: '**/build/reports/checkstyle/*.xml' | |
retention-days: 5 | |
- name: Upload Spotbugs reports | |
if: failure() | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: spotbugs-reports-win | |
path: '**/build/reports/spotbugs/*.xml' | |
retention-days: 5 | |
- name: Upload Test Results | |
if: failure() | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: test-results-win | |
path: '**/build/test-results/**/*.xml' | |
retention-days: 5 | |
create-gh-release: | |
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha') | |
needs: [build_linux, build_windows] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.0 | |
- name: Create GitHut Release | |
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v0.1.15 | |
with: | |
generate_release_notes: true |