Skip to content

Bump github/codeql-action from 3.26.10 to 3.27.0 #541

Bump github/codeql-action from 3.26.10 to 3.27.0

Bump github/codeql-action from 3.26.10 to 3.27.0 #541

Workflow file for this run

# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
name: Build
on:
push:
branches: [ main ]
tags: [ "v*.*.*" ]
pull_request:
branches: [ main ]
schedule:
- cron: "39 5 1,15 * *"
workflow_dispatch:
inputs:
publish_artifacts:
description: "Publish snapshot artifacts: true or false?"
default: "true"
permissions:
contents: read
jobs:
build:
permissions:
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0
- name: Fetch version history
# Do NOT want to fetch all tags if building a specific tag.
# Doing so could result in code published with wrong version, if newer tags have been pushed
if: (!startsWith(github.ref, 'refs/tags/'))
run: git fetch --tag --unshallow
- name: Set up JDK
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
with:
java-version: '17'
distribution: 'adopt'
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
with:
gradle-home-cache-cleanup: true
- name: Build
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
run: ./gradlew build coveralls
- name: Publish
if: github.event_name == 'push' || github.event.inputs.publish_artifacts == 'true'
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }}
ORG_GRADLE_PROJECT_SONA_USERNAME: ${{ secrets.SONA_USERNAME }}
ORG_GRADLE_PROJECT_SONA_PASSWORD: ${{ secrets.SONA_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./gradlew cV
./gradlew publish closeAndReleaseStagingRepository
- name: Publish to Gradle Plugins Portal
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha')
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }}
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
run: |
./gradlew -Dgradle.publish.key="$GRADLE_PUBLISH_KEY" -Dgradle.publish.secret="$GRADLE_PUBLISH_SECRET" publishPlugins
create-gh-release:
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha')
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v3.0.0
- name: Create GitHut Release
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v0.1.15
with:
generate_release_notes: true