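# CI for a Maven project: run the unit tests on every push / pull request to
# `main`, then fan out SonarCloud analysis and a Snyk dependency scan from the
# test job.
#
# Security notes (review):
# - A top-level `permissions` block makes the automatic GITHUB_TOKEN read-only
#   for every job; without it the token may carry write scopes by default.
# - Actions are referenced by tag (`@v3`). Tags are mutable, so for a stronger
#   supply-chain guarantee pin each action to a full commit SHA
#   (`uses: owner/repo@<40-char sha>  # vX.Y.Z`), as the commented-out
#   dependency-submission step below already does. Never reference a moving
#   branch such as `@master`.
# - Repository secrets (SONAR_TOKEN, SNYK_TOKEN) are not exposed to pull
#   requests from forks; the sonar and snyk jobs skip those PRs instead of
#   failing on a missing secret.
name: Java CI with Maven

# `on` is a YAML 1.1 boolean; it stays quoted so generic parsers read the key
# as a string (GitHub's loader accepts either spelling).
'on':
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize
      - reopened

# Least privilege for GITHUB_TOKEN. `pull-requests: read` is there so the
# Sonar scanner can look up PR metadata; nothing in this workflow writes back
# to the repository. If a step that uploads SARIF or a dependency graph is
# enabled later, grant `security-events: write` / `contents: write` on that
# job only, not here.
permissions:
  contents: read
  pull-requests: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: temurin
          # setup-java caches ~/.m2/repository keyed on the pom.xml files.
          cache: maven
      - name: Run Test with Maven
        run: mvn -B test

  sonar:
    needs: test
    runs-on: ubuntu-latest
    # Fork PRs cannot read SONAR_TOKEN; skip the job rather than fail it.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v3
        with:
          # Full history: Sonar's blame / new-code detection degrades on a
          # shallow (depth 1) clone.
          fetch-depth: 0
      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: temurin
          # Already covers ~/.m2/repository, so the separate actions/cache
          # step for ~/.m2 that used to follow was redundant and is dropped.
          cache: maven
      - name: Cache SonarCloud packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: '${{ runner.os }}-sonar'
          restore-keys: '${{ runner.os }}-sonar'
      - name: Build and analyze on SonarCloud
        env:
          # GITHUB_TOKEN is passed for PR metadata lookup; SONAR_TOKEN
          # authenticates to SonarCloud. Neither is echoed by the scanner.
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}'
        run: >-
          mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          -Dsonar.projectKey=zteric_cicd-demo

  snyk:
    needs: test
    runs-on: ubuntu-latest
    # Fork PRs cannot read SNYK_TOKEN; skip the job rather than fail it.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      # Previously `actions/checkout@master` — a moving branch. Use the same
      # tag as the other jobs (and ideally a SHA, see the header note).
      - uses: actions/checkout@v3
      - name: Run Snyk to check for vulnerabilities
        # TODO(review): `@master` is a mutable branch ref; pin snyk/actions to
        # a release tag or commit SHA before trusting this scan's output.
        uses: snyk/actions/maven@master
        # NOTE: with continue-on-error the scan is advisory only — findings
        # never fail the build. Remove it (optionally with a
        # `--severity-threshold=high` arg) once the baseline is clean.
        continue-on-error: true
        env:
          SNYK_TOKEN: '${{ secrets.SNYK_TOKEN }}'
        # To surface findings in the Security tab, enable SARIF output here
        # and the upload step below; the upload needs `security-events: write`
        # on this job's permissions.
        # with:
        #   args: '--sarif-file-output=snyk.sarif'
      # - name: Upload result to GitHub Code Scanning
      #   uses: github/codeql-action/upload-sarif@v2
      #   with:
      #     sarif_file: snyk.sarif

  # Kept for reference; not active. If enabled, the dependency-graph upload
  # needs `contents: write` on this job (the workflow-level token is read-only).
  # build:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v3
  #     - name: Set up JDK 21
  #       uses: actions/setup-java@v3
  #       with:
  #         java-version: '21'
  #         distribution: 'temurin'
  #         cache: maven
  #     - name: Build with Maven
  #       run: mvn -B package --file pom.xml
  #     # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
  #     - name: Update dependency graph
  #       uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6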