Skip to content

Bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0 #1469

Bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0

Bump org.owasp:dependency-check-maven from 10.0.4 to 11.0.0 #1469

Workflow file for this run

name: 'Maven build'
on:
push:
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }}
cancel-in-progress: true
env:
PGPASSWORD: postgres
PGUSER: postgres
PGDATABASE: postgres
jobs:
build:
name: "Java ${{ matrix.java }} / ${{ matrix.profile }} / PostGIS ${{ matrix.postgis }} build"
runs-on: ubuntu-latest
strategy:
matrix:
java: [ 11 ]
java_dist: [ 'temurin' ]
profile: [ hsqldb, postgresql ]
postgis: [ 16-3.4-alpine ]
include:
- java: 17
java_dist: 'temurin'
postgis: 16-3.4-alpine
profile: 'postgresql'
- java: 21
java_dist: 'zulu'
postgis: 16-3.4-alpine
profile: 'postgresql'
services:
postgis:
image: postgis/postgis:${{ matrix.postgis }}
env:
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 15s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 5
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: ${{ matrix.java_dist }}
cache: 'maven'
- name: 'QA build with Maven'
run: mvn -B -V -fae -DskipQA=false -Dfmt.action=check -Dpom.fmt.action=verify -Ddocker.skip=true -Dtest.onlyITs= -Dmaven.test.skip=true clean package
- name: 'Set up PostGIS database'
if: ${{ matrix.profile == 'postgresql' }}
run: |
psql --version
psql -U postgres -h localhost -c 'SELECT version();'
.build/ci/pgsql-setup.sh
- name: 'Priming build'
run: mvn install -Dmaven.test.skip=true -B -V -e -fae -q -P${{ matrix.profile }}
- name: 'Test'
run: mvn -e test -B -P${{ matrix.profile }}
- name: 'Verify'
run: mvn -e verify -B -P${{ matrix.profile }} -T1 -Dtest.onlyITs=true
- name: 'Javadoc'
run: |
mvn javadoc:javadoc
mvn javadoc:test-javadoc
- name: 'Upload codecoverage'
uses: codecov/codecov-action@v4
deploy:
name: Deploy artifacts
runs-on: ubuntu-latest
needs: build
permissions:
packages: write
contents: read
if: ${{ ( github.ref == 'refs/heads/master' ) && ( github.event_name == 'push' || github.event_name == 'workflow_dispatch' ) }}
steps:
- uses: actions/checkout@v4
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
cache: 'maven'
- name: 'Build and Push'
# no need to run any QC or tests
env:
B3P_DEPLOY_ACTOR: ${{ secrets.B3P_DEPLOY_ACTOR }}
B3P_DEPLOY_TOKEN: ${{ secrets.B3P_DEPLOY_TOKEN }}
run: |
mvn -B -V -fae -Dmaven.test.skip=true clean deploy --settings .github/maven-settings.xml
- name: 'Deploy SBOM'
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverhostname: ${{ secrets.DEPENDENCY_TRACK_HOSTNAME }}
apikey: ${{ secrets.DEPENDENCY_TRACK_APIKEY }}
project: 'f22983c2-33f3-4303-9682-f31f7492501b'
bomfilename: 'target/bom.xml'
cleanup:
name: 'Maven cache cleanup'
if: ${{ always() }}
needs: [ build, deploy ]
runs-on: ubuntu-latest
steps:
- uses: actions/cache@v4
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
maven-
- name: 'Cleanup snapshot cache'
run: |
find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}