chore(deps): update github/codeql-action action to v3.28.0 #117
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # SPDX-FileCopyrightText: 2024 INFO | |
| # SPDX-License-Identifier: EUPL-1.2+ | |
| # | |
| name: Build, test & deploy | |
| on: | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| # cancel any previous runs of this workflow for this branch that are still in progress | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| JAVA_VERSION: '18' | |
| CONTAINER_REGISTRY_URL: 'ghcr.io/infonl' | |
| APPLICATION_NAME: 'lib-sepa' | |
| permissions: | |
| contents: write | |
| packages: write | |
| checks: write | |
| pull-requests: write | |
| # Required for uploading SARIF reports | |
| security-events: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 30 | |
| outputs: | |
| branch_name: ${{ steps.gen_branch_name.outputs.BRANCH_NAME }} | |
| build_number: ${{ steps.gen_build_number.outputs.BUILD_NUMBER }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Set branch name | |
| id: gen_branch_name | |
| run: echo "BRANCH_NAME=${{ github.ref_name }}" | sed 's/\//_/g; s/(//g; s/)//g' >> $GITHUB_OUTPUT | |
| - name: Set build number | |
| id: gen_build_number | |
| run: echo "BUILD_NUMBER=${{ steps.gen_branch_name.outputs.BRANCH_NAME }}-${{ github.run_number }}" >> $GITHUB_OUTPUT | |
| - name: Setup JDK | |
| uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 | |
| - name: Validate Gradle wrapper | |
| uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 | |
| - name: Gradle build | |
| run: ./gradlew build -Pversion=${{ steps.gen_branch_name.outputs.BRANCH_NAME }}-${{ github.run_number }} --info | |
| - name: Publish unit test results | |
| uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 | |
| if: always() | |
| with: | |
| check_name: unit-test-results | |
| files: | | |
| build/test-results/**/*.xml | |
| - name: Cache Gradle build | |
| uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
| with: | |
| path: | | |
| build | |
| key: build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }} | |
| dependabot-auto-merge: | |
| needs: [build] | |
| runs-on: ubuntu-24.04 | |
| if: github.actor == 'dependabot[bot]' | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| steps: | |
| - uses: fastify/github-action-merge-dependabot@c3bde0759d4f24db16f7b250b2122bc2df57e817 # v3.11.0 | |
| with: | |
| # Our Dependabot PRs are not merged automatically because an automatically merged PR | |
| # does not trigger our push workflow (and so no release would be made). | |
| # see: https://github.com/fastify/github-action-merge-dependabot/issues/134 | |
| approve-only: true | |
| target: minor | |
| publish-release: | |
| needs: [build] | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 30 | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Setup JDK | |
| uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 | |
| - name: Validate Gradle wrapper | |
| uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 | |
| - name: Restore Gradle build | |
| uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
| with: | |
| path: build | |
| key: build-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_number }} | |
| # Determine the next semantic version based on the commit message tags | |
| - name: Get next version | |
| id: get_next_version | |
| uses: rmeneely/git-next-version@137f4036fd148c7faf9d01b3b73e4345b38037f6 # v1.0.8 | |
| with: | |
| tag_pattern: '[0-9]*.[0-9]*.[0-9]*' | |
| increment: 'patch' | |
| auto_increment: 'true' | |
| auto_increment_minor_version_pattern: 'minor:|feature:|feat:' | |
| - name: Show the next version | |
| run: | | |
| echo "current version: ${{ env.LAST_VERSION }}" | |
| echo "next version: ${{ env.NEXT_VERSION }}" | |
| - name: Gradle publish | |
| run: ./gradlew jar publish -Pversion=${{ env.NEXT_VERSION }} --info | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create tag for new version | |
| if: ${{ env.LAST_VERSION != env.NEXT_VERSION }} | |
| run: | | |
| git tag ${{ env.NEXT_VERSION }} | |
| git push origin ${{ env.NEXT_VERSION }} | |