
Commit 9004d56

committed
Add dependency check job and archive dependency scan and AOT build reports
1 parent 2215d83 commit 9004d56


3 files changed

+56
-9
lines changed


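--- a/.github/actions/maven-build/action.yml
+++ b/.github/actions/maven/action.yml
@@ -7,6 +7,10 @@ inputs:
 MAVEN_JOB_ARGS:
 description: "Maven arguments to add"
 required: true
+JVMOPT_NATIVE_ACCESS:
+description: "Allow native access at JVM level"
+required: false
+default: ""
 
 runs:
 using: composite
@@ -16,6 +20,11 @@ runs:
 run: |
 set -euo pipefail
 
+if [ -n "${{ inputs.JVMOPT_NATIVE_ACCESS }}" ]; then
+echo "Allow native access to modules/classes: ${{ inputs.JVMOPT_NATIVE_ACCESS }}"
+export MAVEN_OPTS="$MAVEN_OPTS --enable-native-access=${{ inputs.JVMOPT_NATIVE_ACCESS }}"
+fi
+
 mvn -B -e -fae --show-version \
 -Dmaven.repo.local="${{ github.workspace }}/.ci/transient/m2-repo" \
 -DsurefireTmpDir="${{ github.workspace }}/.ci/transient/surefireTmpDir" \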
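Review bot: The added `export MAVEN_OPTS="$MAVEN_OPTS --enable-native-access=…"` line in the second hunk runs under `set -euo pipefail`, so unless MAVEN_OPTS is already defined on the runner the step aborts with an unbound-variable error as soon as JVMOPT_NATIVE_ACCESS is non-empty; writing `${MAVEN_OPTS:-}` avoids that. The same three lines paste `${{ inputs.JVMOPT_NATIVE_ACCESS }}` into the script text before the shell parses it, so the input's content is treated as shell syntax rather than data. The only caller visible in this commit passes the constant `ALL-UNNAMED`, but mapping the input through the step's `env:` (`JVMOPT_NATIVE_ACCESS: ${{ inputs.JVMOPT_NATIVE_ACCESS }}`) and referring to `"$JVMOPT_NATIVE_ACCESS"` in the script keeps that true for future callers. The `run:` block continues past the end of the hunk.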

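--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,6 +35,39 @@ jobs:
 DOCKER_IMAGE="$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')"
 echo "docker_image=$DOCKER_IMAGE" | tee -a "$GITHUB_OUTPUT"
 
+dependency_report:
+name: "OWASP DepCheck"
+runs-on: "ubuntu-latest"
+needs: [ "set_variables" ]
+steps:
+- name: "Checkout repository"
+uses: "actions/checkout@v4"
+with:
+persist-credentials: false
+- name: "Install JDK"
+uses: "actions/setup-java@v4"
+with:
+distribution: "corretto"
+java-version: "${{ needs.set_variables.outputs.java_version }}"
+- name: "Cache Maven repository"
+uses: "actions/cache@v4"
+with:
+path: "${{ github.workspace }}/.ci/transient/m2-repo"
+key: "${{ runner.os }}-${{ runner.arch }}-owasp-${{ hashFiles('pom.xml') }}"
+restore-keys: |
+${{ runner.os }}-${{ runner.arch }}-owasp-
+- name: "Maven Build"
+uses: "./.github/actions/maven-build"
+with:
+BUILD_REVISION: "${{ needs.set_variables.outputs.build_version }}"
+MAVEN_JOB_ARGS: "dependency-check:check -DnvdApiKey=${{ secrets.NVD_API_KEY }}"
+JVMOPT_NATIVE_ACCESS: "ALL-UNNAMED"
+- name: "Archive jarfile"
+uses: "actions/upload-artifact@v4"
+with:
+name: "dependency-check-report.html"
+path: "target/dependency-check-report.html"
+
 build_hotspot:
 name: "Build (HotSpot)"
 runs-on: "ubuntu-latest"
@@ -53,10 +86,9 @@ jobs:
 uses: "actions/cache@v4"
 with:
 path: "${{ github.workspace }}/.ci/transient/m2-repo"
-key: "${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('pom.xml') }}"
+key: "${{ runner.os }}-${{ runner.arch }}-hostpot-${{ hashFiles('pom.xml') }}"
 restore-keys: |
-${{ runner.os }}-${{ runner.arch }}-
-${{ runner.os }}-
+${{ runner.os }}-${{ runner.arch }}-hotspot-
 - name: "Maven Build"
 uses: "./.github/actions/maven-build"
 with:
@@ -97,10 +129,9 @@ jobs:
 uses: "actions/cache@v4"
 with:
 path: "${{ github.workspace }}/.ci/transient/m2-repo"
-key: "${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('pom.xml') }}"
+key: "${{ runner.os }}-${{ runner.arch }}-graal-${{ hashFiles('pom.xml') }}"
 restore-keys: |
-${{ runner.os }}-${{ runner.arch }}-
-${{ runner.os }}-
+${{ runner.os }}-${{ runner.arch }}-graal-
 - name: "Maven Build"
 uses: "./.github/actions/maven-build"
 with:
@@ -109,16 +140,21 @@ jobs:
 - name: "Archive binary"
 uses: "actions/upload-artifact@v4"
 with:
-name: "mcw-bin"
+name: "mcw-aot"
 path: "target/mcw"
+- name: "Archive build report"
+uses: "actions/upload-artifact@v4"
+with:
+name: "mcw-aot-build-report.html"
+path: "target/mcw-build-report.html"
 
 publish_graal:
 name: "Publish (GraalVM)"
 needs: [ "set_variables", "build_graal" ]
 uses: "./.github/workflows/publish.yml"
 with:
 JAVA_VERSION: "${{ needs.set_variables.outputs.java_version }}"
-ARTIFACT_NAME: "mcw-bin"
+ARTIFACT_NAME: "mcw-aot"
 DOCKER_REGISTRY: "ghcr.io"
 DOCKER_IMAGE: "${{ needs.set_variables.outputs.docker_image }}"
 DOCKER_TARGET: "graal"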
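Review bot: In the new `dependency_report` job, `MAVEN_JOB_ARGS: "dependency-check:check -DnvdApiKey=${{ secrets.NVD_API_KEY }}"` hands the NVD key to the composite action as an ordinary input. The action presumably expands it onto the `mvn` command line, where it sits in the process arguments and is protected only by log masking. pom.xml in this commit already defaults the `nvdApiKey` property to `${env.NVD_API_KEY}`, so the job can set a job-level `env:` entry `NVD_API_KEY: "${{ secrets.NVD_API_KEY }}"` and pass just `dependency-check:check`. Two further issues in this file: the HotSpot cache `key` is spelled `-hostpot-` while its `restore-keys` prefix is `-hotspot-`, so the fallback prefix can never match a saved key. Every `uses: "./.github/actions/maven-build"`, including the one in the new job, still names the directory this commit renames to `.github/actions/maven`, which would break action resolution if the rename is as shown.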

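--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,9 @@
 <properties>
 <java.version>23</java.version>
 <revision>local-SNAPSHOT</revision>
+
 <build.timestamp>${maven.build.timestamp}</build.timestamp>
+<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
 <surefireTmpDir>${java.io.tmpdir}</surefireTmpDir>
 
 <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
@@ -134,7 +136,7 @@
 <formats>
 <format>HTML</format>
 </formats>
-<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
+<nvdApiKey>${nvdApiKey}</nvdApiKey>
 <nvdValidForHours>168</nvdValidForHours>
 <prettyPrint>true</prettyPrint>
 </configuration>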
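Review bot: The new `<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>` property in the first hunk has no fallback, and Maven leaves an unresolved `${env.…}` expression in place as literal text. On a developer machine or a fork build without the variable, the plugin would presumably receive that placeholder string as its API key rather than running without one; it is worth confirming how dependency-check handles that value. A short comment above the property would also help the next maintainer, for example `<!-- NVD API key is read from the NVD_API_KEY environment variable; never commit a real key here -->`. Both hunks sit inside elements (`<properties>` and the plugin `<configuration>`) that start or end outside the lines shown.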
