From 46f0952c3e69ad39af5b5c3c425b3635b1eba3b0 Mon Sep 17 00:00:00 2001
From: Jeremy Landis
Date: Sun, 9 Jun 2024 10:18:19 -0400
Subject: [PATCH] [GHA] Update actions and add codeql
---
 .github/workflows/ci.yaml | 6 ++--
 .github/workflows/codeql.yml | 47 ++++++++++++++++++++++++++++++++
 .github/workflows/coveralls.yaml | 5 ++--
 .github/workflows/site.yaml | 3 +-
 .github/workflows/sonar.yaml | 5 ++--
 .github/workflows/sonatype.yaml | 3 +-
 6 files changed, 61 insertions(+), 8 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 16a5b955..80bd06ad 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -7,9 +7,10 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
- os: [ubuntu-latest, macos-latest, windows-latest]
+ cache: [maven]
+ distribution: [temurin]
 java: [11, 17, 21, 22, 23-ea]
- distribution: ['temurin']
+ os: [ubuntu-latest, macos-latest, windows-latest]
 fail-fast: false
 max-parallel: 4
 name: Test JDK ${{ matrix.java }}, ${{ matrix.os }}
@@ -21,5 +22,6 @@ jobs:
 with:
 java-version: ${{ matrix.java }}
 distribution: ${{ matrix.distribution }}
+ cache: ${{ matrix.cache }}
 - name: Test with Maven
 run: ./mvnw test -B -V --no-transfer-progress -D"license.skip=true"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..18fae20a
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,47 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: "43 10 * * 2"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ javascript, java ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: 'temurin'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/coveralls.yaml b/.github/workflows/coveralls.yaml
index bf998b75..05f3029f 100644
--- a/.github/workflows/coveralls.yaml
+++ b/.github/workflows/coveralls.yaml
@@ -11,8 +11,9 @@ jobs:
 - name: Set up JDK
 uses: actions/setup-java@v4
 with:
+ cache: maven
+ distribution: temurin
 java-version: 21
- distribution: zulu
 - name: Report Coverage to Coveralls for Pull Requests
 if: github.event_name == 'pull_request'
 run: ./mvnw -B -V test jacoco:report coveralls:report -q -Dlicense.skip=true -DrepoToken=$GITHUB_TOKEN -DserviceName=github -DpullRequest=$PR_NUMBER --no-transfer-progress
@@ -21,6 +22,6 @@ jobs:
 PR_NUMBER: ${{ github.event.number }}
 - name: Report Coverage to Coveralls for General Push
 if: github.event_name == 'push'
- run: ./mvnw -B -V test jacoco:report coveralls:report -q -Dlicense.skip=true -DrepoToken=$GITHUB_TOKEN -DserviceName=github
+ run: ./mvnw -B -V test jacoco:report coveralls:report -q -Dlicense.skip=true -DrepoToken=$GITHUB_TOKEN -DserviceName=github --no-transfer-progress
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
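Review bot: Every action in the new codeql.yml is referenced by a mutable tag (`actions/checkout@v4`, `actions/setup-java@v4`, `github/codeql-action/init@v3` and the other two codeql-action steps), and the job holds `security-events: write`, so whoever can move one of those tags decides what runs with that permission. Pinning each `uses:` to a full commit SHA and keeping the tag as a trailing comment, for example `uses: github/codeql-action/init@<full-commit-sha> # v3`, removes that dependency on tag integrity. Separately, the `javascript` leg of the matrix also runs the `Setup Java` and `Autobuild` steps, which only the `java` leg needs; `if: matrix.language == 'java'` on those two steps would skip them there. Whether the repository contains JavaScript to scan is not visible from this patch, so confirm that matrix entry is intended.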
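Review bot: The rewritten `run:` line for the push case in coveralls.yaml still hands the token to Maven as a command-line property, `-DrepoToken=$GITHUB_TOKEN`, which puts the secret in the build's process arguments instead of leaving it in the step's `env:`; the pull-request `run:` line in the previous hunk does the same, and so does `-Dsonar.token=$SONAR_TOKEN` in the sonar.yaml hunk. Log masking covers the printed value but not the argument list itself. For Sonar the argument can most likely be dropped, since a current scanner reads `SONAR_TOKEN` from the environment and the step already sets it; for Coveralls, check whether the plugin version in use accepts the token from the environment and prefer that if it does. The `permissions:` granted to `GITHUB_TOKEN` in this workflow lie outside the hunk, so confirm they are limited to what the coverage upload needs.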
diff --git a/.github/workflows/site.yaml b/.github/workflows/site.yaml
index 22281a17..9879e6e7 100644
--- a/.github/workflows/site.yaml
+++ b/.github/workflows/site.yaml
@@ -14,7 +14,8 @@ jobs:
 - name: Set up JDK
 uses: actions/setup-java@v4
 with:
- distribution: zulu
+ cache: maven
+ distribution: temurin
 java-version: 21
 - name: Build site
 run: ./mvnw site site:stage -DskipTests -Dlicense.skip=true -B -V --no-transfer-progress --settings ./.mvn/settings.xml
diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
index bfb8f4bc..23cab5ba 100644
--- a/.github/workflows/sonar.yaml
+++ b/.github/workflows/sonar.yaml
@@ -17,10 +17,11 @@ jobs:
 - name: Set up JDK
 uses: actions/setup-java@v4
 with:
+ cache: maven
+ distribution: temurin
 java-version: 21
- distribution: zulu
 - name: Analyze with SonarCloud
- run: ./mvnw verify sonar:sonar -B -V -Dsonar.projectKey=spotbugs_spotbugs-maven-plugin -Dsonar.organization=spotbugs -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN -Dlicense.skip=true --no-transfer-progress
+ run: ./mvnw verify sonar:sonar -B -V -Dsonar.projectKey=spotbugs_spotbugs-maven-plugin -Dsonar.organization=spotbugs -Dsonar.host.url=https://sonarcloud.io -Dsonar.token=$SONAR_TOKEN -Dlicense.skip=true --no-transfer-progress
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/sonatype.yaml b/.github/workflows/sonatype.yaml
index 26357541..7f13d126 100644
--- a/.github/workflows/sonatype.yaml
+++ b/.github/workflows/sonatype.yaml
@@ -14,8 +14,9 @@ jobs:
 - name: Set up JDK
 uses: actions/setup-java@v4
 with:
+ cache: maven
+ distribution: temurin
 java-version: 21
- distribution: zulu
 - name: Deploy to Sonatype
 run: ./mvnw deploy -DskipTests -B -V --no-transfer-progress --settings ./.mvn/settings.xml -Dlicense.skip=true
 env:
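Review bot: Enabling `cache: maven` on the `Set up JDK` step of sonatype.yaml means the job that runs `./mvnw deploy` builds the published artifacts against a restored local Maven repository that other workflow runs sharing the cache scope may have written, so a tampered cache entry would flow straight into a release. For a publishing job the usual hardening is to resolve dependencies and plugins fresh, so I would drop the added `cache: maven` line from this step only and keep it in the test and analysis workflows. The workflow's triggers and the rest of the `env:` block are outside the hunk, so how exposed the cache is depends on what else runs in the same scope.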