Infra: Fix permissions for checkout (#28) #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Backend: PR/main build & test" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request_target: | |
| types: ["opened", "edited", "reopened", "synchronize"] | |
| paths: | |
| - "kafka-ui-api/**" | |
| - "pom.xml" | |
| permissions: # TODO remove when public | |
| checks: write | |
| pull-requests: write | |
| contents: read | |
| jobs: | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ github.token }} # TODO remove when public | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'zulu' | |
| cache: 'maven' | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Build and analyze pull request target | |
| if: ${{ github.event_name == 'pull_request' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} | |
| HEAD_REF: ${{ github.head_ref }} | |
| BASE_REF: ${{ github.base_ref }} | |
| SKIP_SONAR: "true" # TODO remove when public | |
| run: | | |
| ./mvnw -B -ntp versions:set -DnewVersion=${{ github.event.pull_request.head.sha }} | |
| ./mvnw -B -V -ntp verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Dsonar.skip=${SKIP_SONAR} \ | |
| -Dsonar.projectKey=io.kafbat:kafka-ui_backend \ | |
| -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \ | |
| -Dsonar.pullrequest.branch=$HEAD_REF \ | |
| -Dsonar.pullrequest.base=$BASE_REF | |
| - name: Build and analyze push main | |
| if: ${{ github.event_name == 'push' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} | |
| SKIP_SONAR: "true" # TODO remove when public | |
| run: | | |
| ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA | |
| ./mvnw -B -V -ntp verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Dsonar.skip=${SKIP_SONAR} \ | |
| -Dsonar.projectKey=io.kafbat:kafka-ui_backend |