Merge pull request #373 from red6/dependabot/npm_and_yarn/camunda-mod… #1169
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java CI | |
on: | |
push: | |
branches: | |
- master | |
- 'release/*' | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
pull_request_target: | |
types: [ opened, synchronize, reopened ] | |
jobs: | |
build-dmn-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
if: ${{ github.event_name != 'pull_request_target' }} | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting | |
- name: Checkout PR | |
if: ${{ github.event_name == 'pull_request_target' }} | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting | |
- name: Set up JDK | |
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: maven | |
- name: Build with Maven | |
run: mvn clean install -P checkerframework | |
sonarcloud: | |
runs-on: ubuntu-latest | |
# If the PR is coming from a fork (pull_request_target), ensure it's opened by "dependabot[bot]". | |
# Otherwise, clone it normally. | |
if: | | |
(github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') || | |
(github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
allowed-endpoints: sonarcloud.io:443 | |
- name: Checkout | |
if: ${{ github.event_name != 'pull_request_target' }} | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
- name: Checkout PR | |
if: ${{ github.event_name == 'pull_request_target' }} | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Set up JDK | |
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=red6_dmn-check | |
build-gradle-plugin: | |
runs-on: ubuntu-latest | |
needs: build-dmn-check | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Checkout | |
if: ${{ github.event_name != 'pull_request_target' }} | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting | |
- name: Checkout PR | |
if: ${{ github.event_name == 'pull_request_target' }} | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 # Disabling shallow clone is recommended for improving relevancy of reporting | |
- name: Set up JDK | |
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: maven | |
- name: Build with Gradle | |
run: cd gradle-plugin && ./gradlew build |