
Merge pull request #373 from red6/dependabot/npm_and_yarn/camunda-mod… #1169


Workflow file for this run

name: Java CI

# Events that start this workflow.
on:
  # Direct pushes to the main line and to release branches.
  push:
    branches:
      - master
      - 'release/*'
  # Pull requests, run with the restricted token GitHub issues for PR builds.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  # Same PR activity, but the run executes in the base repository's context
  # (repository secrets available, token not restricted to read-only).
  # Any job that checks out and builds the PR head under this event must
  # restrict whose changes it accepts.
  pull_request_target:
    types:
      - opened
      - synchronize
      - reopened
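jobs:
  # Builds and tests the Maven modules with the checkerframework profile.
  build-dmn-check:
    runs-on: ubuntu-latest
    # Under pull_request_target this job checks out the PR head and runs its
    # build in the base repository's context. Only accept that combination
    # for pull requests authored and triggered by Dependabot; every other PR
    # is still built by the plain pull_request event.
    if: |
      github.event_name != 'pull_request_target' ||
      (github.actor == 'dependabot[bot]' &&
       github.event.pull_request.user.login == 'dependabot[bot]')
    # The build only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          # audit only records outbound traffic; it does not block anything.
          egress-policy: audit
      - name: Checkout
        if: ${{ github.event_name != 'pull_request_target' }}
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          fetch-depth: 0  # Disabling shallow clone is recommended for improving relevancy of reporting
      - name: Checkout PR
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0  # Disabling shallow clone is recommended for improving relevancy of reporting
          # Do not leave the job token in .git/config for the PR's build to read.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
        with:
          java-version: '17'
          distribution: 'adopt'
          # NOTE(review): a cache saved from a pull_request_target run lands in
          # the base branch's cache scope; confirm this is wanted for PR builds.
          cache: maven
      - name: Build with Maven
        run: mvn clean install -P checkerframework

  # Runs the test suite with coverage and uploads the analysis to SonarCloud.
  sonarcloud:
    runs-on: ubuntu-latest
    # This job receives SONAR_TOKEN, so PR code may only run here when the
    # pull request was opened by "dependabot[bot]" (pull_request_target).
    # github.actor is the account that triggered the run, not the PR author,
    # so the author is checked as well. All other events run only when the
    # actor is not Dependabot.
    if: |
      (github.event_name == 'pull_request_target' &&
       github.actor == 'dependabot[bot]' &&
       github.event.pull_request.user.login == 'dependabot[bot]') ||
      (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]')
    # NOTE(review): read access is what "get PR information" implies; confirm
    # the scanner needs no further scopes before merging.
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          # With audit, outbound traffic is only logged. The allowed-endpoints
          # list takes effect once the policy is switched to block, at which
          # point the Maven and GitHub endpoints must be listed too.
          egress-policy: audit
          allowed-endpoints: sonarcloud.io:443
      - name: Checkout
        if: ${{ github.event_name != 'pull_request_target' }}
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
      - name: Checkout PR
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the job token in .git/config for the PR's build to read.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
        with:
          java-version: '17'
          distribution: 'adopt'
      # Both tokens are visible to everything Maven executes in this step,
      # including plugins and tests from the checked-out revision.
      - env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn -B verify jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=red6_dmn-check

  # Builds the Gradle plugin once the Maven build has succeeded.
  build-gradle-plugin:
    runs-on: ubuntu-latest
    needs: build-dmn-check
    # Same restriction as build-dmn-check, repeated here so this job stays
    # guarded even if the needs relationship changes.
    if: |
      github.event_name != 'pull_request_target' ||
      (github.actor == 'dependabot[bot]' &&
       github.event.pull_request.user.login == 'dependabot[bot]')
    # The build only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          # audit only records outbound traffic; it does not block anything.
          egress-policy: audit
      - name: Checkout
        if: ${{ github.event_name != 'pull_request_target' }}
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          fetch-depth: 0  # Disabling shallow clone is recommended for improving relevancy of reporting
      - name: Checkout PR
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0  # Disabling shallow clone is recommended for improving relevancy of reporting
          # Do not leave the job token in .git/config for the PR's build to read.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
        with:
          java-version: '17'
          distribution: 'adopt'
          # NOTE(review): a cache saved from a pull_request_target run lands in
          # the base branch's cache scope; confirm this is wanted for PR builds.
          cache: maven
      - name: Build with Gradle
        run: cd gradle-plugin && ./gradlew build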