build(deps): bump github/codeql-action from 3.28.3 to 3.28.4 (#1027) #3717
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: main | |
pull_request: | |
branches: main | |
schedule: | |
- cron: '0 16 * * *' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
build: | |
if: ${{ github.repository_owner == 'ihub-pub' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 | |
with: | |
arguments: build -x test --scan | |
project-matrix: | |
if: ${{ github.repository_owner == 'ihub-pub' }} | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.name.outputs.test }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- id: name | |
name: Project Name Matrix | |
run: | | |
projects=() | |
for file in ./* | |
do | |
if [[ $file =~ "ihub-" ]] | |
then | |
projects[${#projects[@]}]=$(basename $file) | |
fi | |
done | |
p=$(IFS=,; echo "${projects[*]}") | |
p=${p//,/\",\"} | |
echo "test=[\"$p\"]" >> $GITHUB_OUTPUT | |
matrix-test: | |
runs-on: ubuntu-latest | |
needs: project-matrix | |
strategy: | |
matrix: | |
project_name: ${{ fromJson(needs.project-matrix.outputs.matrix) }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
if: ${{ matrix.project_name != 'ihub-plugins' }} | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Checkout ref main | |
if: ${{ matrix.project_name == 'ihub-plugins' }} | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: main | |
fetch-depth: 0 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Testspace Setup CLI | |
uses: testspace-com/setup-testspace@8472399a8030486c043937b8451b5e743f961ae0 # v1.0.7 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Chmod | |
run: chmod +x ./gradlew | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 | |
with: | |
arguments: ${{ matrix.project_name }}:test -DiHubTest.failFast=true | |
- name: Upload Coverage Reports | |
if: ${{ github.repository_owner == 'ihub-pub' }} | |
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0 | |
- name: Publish Results to Testspace | |
run: testspace */build/test-results/test/*.xml */build/reports/*/test/*.xml | |
- name: Upload Test Result | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
with: | |
name: ${{ matrix.project_name }}-test | |
path: | | |
*/build/reports/tests | |
retention-days: 1 | |
check: | |
runs-on: ubuntu-latest | |
needs: [ build, matrix-test ] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Check Status | |
run: echo "Check Status" |