Skip to content
Build and Deploy Snapshot

feat: Utilize NVD API (#5978) #1164

Sign in to view logs

feat: Utilize NVD API (#5978)

feat: Utilize NVD API (#5978) #1164

Workflow file for this run

.github/workflows/build.yml at b30c68a
name: Build and Deploy Snapshot
on:
push:
branches:
- main
paths-ignore:
- '**/*.md'
- '**/*.txt'
permissions: {}
jobs:
build:
permissions:
contents: read # to fetch code (actions/checkout)
name: Build dependency-check
runs-on: ubuntu-latest
steps:
- name: Install gpg secret key
id: install-gpg-key
run: |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- uses: actions/checkout@v4
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Check Local Maven Cache
id: maven-it-cache
uses: actions/cache@v3
with:
path: maven/target/local-repo
key: mvn-it-repo
- name: Check ODC Data Cache
id: odc-data-cache
uses: actions/cache@v3
with:
path: core/target/data
key: odc-data
- uses: actions/[email protected]
with:
dotnet-version: '6.0.x'
- name: Set up JDK 1.8
id: jdk-8
uses: actions/setup-java@v3
with:
java-version: 8
distribution: 'zulu'
server-id: ossrh
server-username: ${{ secrets.OSSRH_USERNAME }}
server-password: ${{ secrets.OSSRH_TOKEN }}
- uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0
with:
version: 6.0.2
- name: Build Snapshot with Maven
id: build-snapshot
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
run: mvn -s settings.xml -Prelease clean package verify source:jar javadoc:jar gpg:sign deploy -DreleaseTesting --no-transfer-progress --batch-mode -Dgpg.passphrase=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
- name: SARIF Multitool
uses: microsoft/[email protected]
with:
# Command to be sent to SARIF Multitool
command: 'validate core/target/test-reports/Report.sarif'
- name: Archive IT test logs
id: archive-logs
if: always()
uses: actions/upload-artifact@v3
with:
name: it-test-logs
retention-days: 7
path: maven/target/it/**/build.log
- name: Archive code coverage results
id: archive-coverage
uses: actions/upload-artifact@v3
with:
name: code-coverage-report
retention-days: 7
path: |
**/target/jacoco-results/jacoco.xml
**/target/jacoco-results/**/*.html
- name: Archive Snapshot
id: archive-snapshot
uses: actions/upload-artifact@v3
with:
name: archive-snapshot
retention-days: 7
path: |
**/target/*.asc
**/target/*.jar
**/target/*.pom
ant/target/*.zip
cli/target/*.zip
publish_coverage:
name: publish code coverage reports
runs-on: ubuntu-latest
needs: build
steps:
- name: Download coverage reports
uses: actions/download-artifact@v3
with:
name: code-coverage-report
- name: Run codacy-coverage-reporter
uses: codacy/codacy-coverage-reporter-action@master
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: utils/target/jacoco-results/jacoco.xml,core/target/jacoco-results/jacoco.xml,maven/target/jacoco-results/jacoco.xml,ant/target/jacoco-results/jacoco.xml,cli/target/jacoco-results/jacoco.xml
docker:
permissions:
contents: read # to fetch code (actions/checkout)
name: Build and Test Docker
runs-on: ubuntu-latest
needs: build
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check Maven Cache
id: maven-cache
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Download release build
uses: actions/download-artifact@v3
with:
name: archive-snapshot
- name: Build Docker Image
run: ./build-docker.sh
- name: build scan target
run: mvn -s settings.xml package -DskipTests=true --no-transfer-progress --batch-mode
- name: Test Docker Image
run: ./test-docker.sh