Skip to content

update pom.xml

update pom.xml #402

Workflow file for this run

name: Maven
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
types: [opened, reopened, synchronize]
branches:
- main
permissions:
contents: read
jobs:
build:
name: Test with Java ${{ matrix.jdk }}
runs-on: ubuntu-22.04
permissions:
# contents: read # for actions/checkout to fetch code
# security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
pull-requests: write # for JaCoCo report being attached to PR
strategy:
fail-fast: false
matrix:
jdk: ['8', '11', '17', '21', '23']
vendor: ['temurin']
steps:
- uses: actions/checkout@v4
- name: Set up JDK ${{ matrix.jdk }}
uses: actions/setup-java@v4
with:
distribution: ${{ matrix.vendor }}
java-version: ${{ matrix.jdk }}
cache: 'maven'
- name: Maven Package
run: mvn package
- name: Maven Verify
run: mvn -B verify spotbugs:check jacoco:report
- name: Add coverage to PR
id: jacoco
uses: madrapps/[email protected]
if: ${{ matrix.jdk == '11' }}
with:
paths: |
${{ github.workspace }}/**/target/surefire-reports/TEST-*.xml
${{ github.workspace }}/aggregate-report/target/site/jacoco-aggregate/jacoco.xml
token: ${{ secrets.GITHUB_TOKEN }}
min-coverage-overall: 70
min-coverage-changed-files: 75
- name: Upload JaCoCo Coverage
if: ${{ matrix.jdk == '11' }}
uses: actions/upload-artifact@v4
with:
name: jacoco.html
path: ${{ github.workspace }}/aggregate-report/target/site/jacoco-aggregate/index.html
overwrite: true
- name: JaCoCo Coverage
if: ${{ matrix.jdk == '11' && steps.jacoco.outputs.coverage-overall != '' }}
run: |
echo "Total coverage ${{ steps.jacoco.outputs.coverage-overall }}"
echo "Changed Files coverage ${{ steps.jacoco.outputs.coverage-changed-files }}"
# - name: Fail PR if overall coverage is less than 80%
# if: ${{ steps.jacoco.outputs.coverage-overall < 80.0 }}
# uses: actions/github-script@v6
# with:
# script: |
# core.setFailed('Overall coverage is less than 80%!')
analysis:
name: Static Analysis
needs: build
continue-on-error: false
if: ${{ needs.build.result == 'success' && github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
permissions:
contents: write # for actions/checkout to fetch code
pull-requests: write # for attached results to PR
checks: write
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }} # to check out the actual pull request commit, not the merge commit
fetch-depth: 0 # a full history is required for pull request analysis
## latest Sonar requires Java 17 or higher
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: maven
- name: Setup Cache for SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
## todo: use same artifacts from the build job
## Automatic Analysis is turned off on sonarcloud.io
- name: Maven JaCoCo report & Sonar
run: mvn -B install jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=barcode4j
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Copy aggregate JaCoCo Report (for Qodana)
shell: bash
run: |
ls -lha aggregate-report/target/site/jacoco-aggregate/
mkdir -p .qodana/code-coverage/
cp -r aggregate-report/target/site/jacoco-aggregate/jacoco.xml .qodana/code-coverage/
# potentially Qodana could be its own workflow (recommended in the docs)
- name: Qodana Scan
uses: JetBrains/[email protected]
with:
args: --baseline,qodana.sarif.json
fail-threshold: 100
env:
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
- name: Upload Qodana report to GitHub code scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
# # This step creates the Checkmarx One scan
# - name: Checkmarx One scan
# uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
# with:
# base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One
# cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
# cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
# cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
# additional_params: --report-format sarif --output-path .
# - name: Upload SARIF file
# uses: github/codeql-action/upload-sarif@v3
# with:
# # Path to SARIF file relative to the root of the repository
# sarif_file: cx_result.sarif
# deploy:
# name: Deploy Artifact
# needs: build
# continue-on-error: true
# if: ${{ needs.build.result == 'success' && github.ref == 'refs/heads/main' }}
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - name: Set up JDK 7
# uses: actions/setup-java@v4
# with:
# distribution: zulu
# java-version: 7
# cache: maven
# #server-id: github
# server-id: ossrh
# server-username: MAVEN_USERNAME
# server-password: MAVEN_PASSWORD
# gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
# gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
# - name: Maven Deploy (GitHub Packages)
# run: mvn deploy -Prelease,githubPackages -DskipTests=true
# with:
# server-id: github
# env:
# GITHUB_TOKEN: ${{ github.token }}
# - name: Maven Deploy (Maven Central)
# run: mvn deploy -Prelease -DskipTests=true
# env:
# MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
# MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
# MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}