Adds SECURITY.md and scanning workflow (#227) #138
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yamllint --format github .github/workflows/test.yml | |
--- | |
name: test | |
# We don't test documentation-only commits. | |
on: | |
# We run tests on non-tagged pushes to master that aren't a commit made by the release plugin | |
push: | |
tags: '' | |
branches: master | |
paths-ignore: '**/*.md' | |
# We also run tests on pull requests targeted at the master branch. | |
pull_request: | |
branches: master | |
paths-ignore: '**/*.md' | |
jobs: | |
test: | |
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish | |
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Cache local Maven repository | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-maven- | |
- name: Setup java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' # zulu as it supports a wide version range | |
java-version: '17' # until Spark 4 per SPARK-43831 | |
- name: Test without Docker | |
run: build-bin/maven/maven_go_offline && build-bin/test -DexcludedGroups=docker | |
test_docker: | |
name: test_docker (${{ matrix.name }}) | |
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish | |
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" | |
strategy: | |
matrix: | |
include: | |
- name: zipkin-dependencies-cassandra3 | |
module: zipkin-dependencies-cassandra3 | |
groups: docker | |
- name: zipkin-dependencies-elasticsearch-v7 | |
module: zipkin-dependencies-elasticsearch | |
groups: docker,elasticsearch7 | |
- name: zipkin-dependencies-elasticsearch-v8 | |
module: zipkin-dependencies-elasticsearch | |
groups: docker,elasticsearch8 | |
- name: zipkin-dependencies-mysql | |
module: zipkin-dependencies-mysql | |
groups: docker | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Cache local Maven repository | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-maven- | |
# Don't attempt to cache Docker. Sensitive information can be stolen | |
# via forks, and login session ends up in ~/.docker. This is ok because | |
# we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner. | |
- name: Setup java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' # zulu as it supports a wide version range | |
java-version: '17' # until Spark 4 per SPARK-43831 | |
- name: Test with Docker | |
run: | | |
build-bin/docker/configure_docker && | |
build-bin/maven/maven_go_offline && | |
build-bin/maven/maven_build -pl :${{ matrix.module }} --am && | |
build-bin/test -Dgroups=${{ matrix.groups }} -pl :${{ matrix.module }} | |
env: | |
MAVEN_GOAL: install # docker build needs dependencies in mavenLocal | |
MAVEN_CONFIG: '-Dlicense.skip=true' # license check already run |