test with matrix structure

Fraunhofer-AISEC · Dec 20, 2023 · 3c8d5d5 · 3c8d5d5
1 parent 0c910db
commit 3c8d5d5
Showing 1 changed file with 22 additions and 21 deletions.
diff --git a/.github/workflows/findsecbugs.yml b/.github/workflows/findsecbugs.yml
@@ -17,12 +17,8 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-and-scan:
+  build:
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -35,25 +31,30 @@ jobs:
         uses: gradle/gradle-build-action@v2
         with:
           arguments: build -x check --parallel -Pversion=0.0.0
-      # We need to run it multiple times to manually fix the file paths and exclude gradle results
-      - name: Run FindSecBugs for Codyze CLI
-        uses: advanced-security/spotbugs-findsecbugs-action@v1
+      - name: Upload JARs
+        uses: actions/upload-artifact@v4
         with:
-          spotbugs_target: 'codyze-cli/'
-          java_distribution: 'temurin'
-          java_version: '17'
-          path_prefix: 'codyze-cli/src/main/kotlin/'
-      - name: Run FindSecBugs for Codyze Core
-        uses: advanced-security/spotbugs-findsecbugs-action@v1
+          name: jar-bundle
+          path: '**/*.jar'
+
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    strategy:
+      # We need to run it multiple times to manually fix the file paths and exclude gradle results
+      matrix:
+        module: [ 'codyze-cli/', 'codyze-core/', 'codyze-backends/cpg/' ]
+    steps:
+      - name: Download JARs
+        uses: actions/download-artifact@v4
         with:
-          spotbugs_target: 'codyze-core/'
-          java_distribution: 'temurin'
-          java_version: '17'
-          path_prefix: 'codyze-core/src/main/kotlin/'
-      - name: Run FindSecBugs for Codyze CPG Backend
+          name: jar-bundle
+          path: '${{ matrix.module }}/'
+      - name: Run FindSecBugs for Codyze CLI
         uses: advanced-security/spotbugs-findsecbugs-action@v1
         with:
-          spotbugs_target: 'codyze-backends/cpg/'
+          spotbugs_target: ${{ matrix.module }}
           java_distribution: 'temurin'
           java_version: '17'
-          path_prefix: 'codyze-backends/cpg/src/main/kotlin/'
+          path_prefix: '${{ matrix.os }}src/main/kotlin/'