Bump github/codeql-action from 3.25.7 to 3.25.8 #480
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle | |
name: Build | |
on: | |
push: | |
branches: [ main ] | |
tags: [ "v*.*.*" ] | |
pull_request: | |
branches: [ main ] | |
schedule: | |
- cron: "39 5 1,15 * *" | |
workflow_dispatch: | |
inputs: | |
publish_artifacts: | |
description: "Publish snapshot artifacts: true or false?" | |
default: "true" | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
- uses: gradle/wrapper-validation-action@216d1ad2b3710bf005dc39237337b9673fd8fcd5 # v3.3.2 | |
- name: Fetch version history | |
# Do NOT want to fetch all tags if building a specific tag. | |
# Doing so could result in code published with wrong version, if newer tags have been pushed | |
if: (!startsWith(github.ref, 'refs/tags/')) | |
run: git fetch --tag --unshallow | |
- name: Set up JDK | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@4c39dd82cd5e1ec7c6fa0173bb41b4b6bb3b86ff # v3.3.2 | |
with: | |
gradle-home-cache-cleanup: true | |
env: | |
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
- name: Build | |
run: ./gradlew check coveralls | |
- name: Publish | |
if: github.event_name == 'push' || github.event.inputs.publish_artifacts == 'true' | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }} | |
ORG_GRADLE_PROJECT_SONA_USERNAME: ${{ secrets.SONA_USERNAME }} | |
ORG_GRADLE_PROJECT_SONA_PASSWORD: ${{ secrets.SONA_PASSWORD }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
./gradlew cV | |
./gradlew publish closeSonatypeStagingRepository # note: release promotion disabled as this is just a release test env. | |
- name: Publish to Gradle Plugins Portal | |
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha') | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }} | |
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | |
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | |
run: | | |
./gradlew -Dgradle.publish.key="$GRADLE_PUBLISH_KEY" -Dgradle.publish.secret="$GRADLE_PUBLISH_SECRET" publishPlugins | |
create-gh-release: | |
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha') | |
needs: build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3.0.0 | |
- name: Create GitHut Release | |
uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v0.1.15 | |
with: | |
generate_release_notes: true |