🌱 Bump actions/upload-artifact from 4.4.3 to 4.5.0 #522
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ubuntu-workflow | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- '*' | |
permissions: # limit the permissions of the GITHUB_TOKEN to reading repository contents | |
contents: read | |
jobs: | |
build: | |
permissions: | |
actions: write # for styfle/cancel-workflow-action to cancel/stop running workflows | |
contents: read # for actions/checkout to fetch code | |
runs-on: ubuntu-latest | |
outputs: | |
build-scan-url: ${{ steps.build.outputs.build-scan-url }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
egress-policy: audit | |
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly | |
- name: Cancel Previous Runs | |
uses: styfle/[email protected] | |
with: | |
access_token: ${{ github.token }} | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: gradle/wrapper-validation-action@v3 | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- id: build | |
name: Gradle clean build | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HEAD_REF: ${{ github.head_ref }} | |
run: ./gradlew clean build | |
publish-scan-url: | |
needs: | |
- build | |
permissions: | |
pull-requests: write # to allow creating or updating a comment | |
if: ${{ github.event_name == 'pull_request' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
egress-policy: audit | |
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly | |
- name: Get current time | |
uses: 1466587594/get-current-time@v2 | |
id: current-time | |
with: | |
format: "YYYY-MM-DD HH:mm:ss" | |
utcOffset: "+00:00" | |
- name: Write Buildscan URL to Summary | |
env: | |
TIMESTAMP: ${{ steps.current-time.outputs.formattedTime }} | |
BUILD_SCAN_URL: ${{ needs.build.outputs.build-scan-url }} | |
run: | | |
echo "**Timestamp:** $TIMESTAMP" >> $GITHUB_STEP_SUMMARY | |
echo "**Buildscan URL for ubuntu-workflow run:**" >> $GITHUB_STEP_SUMMARY | |
echo "[$GITHUB_RUN_ID](https://github.com/Flank/flank/actions/runs/$GITHUB_RUN_ID)" >> $GITHUB_STEP_SUMMARY | |
echo "$BUILD_SCAN_URL" >> $GITHUB_STEP_SUMMARY |