chore(deps): update io.projectreactor (#220) #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cid-workflow-version: 0.0.24 | |
| # This file is generated by the CID Workflow GitHub App. | |
| # DO NOT EDIT! | |
| # name | |
| name: CID - DefaultBranch | |
| # triggers | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| loglevel: | |
| description: Log level | |
| required: true | |
| default: info | |
| type: choice | |
| options: | |
| - debug | |
| - info | |
| - warn | |
| - error | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v*.*.* | |
| paths-ignore: | |
| - README.md | |
| - LICENSE | |
| - .gitignore | |
| - .editorconfig | |
| - renovate.json | |
| # permissions, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions and https://docs.github.com/en/rest/overview/permissions-required-for-github-apps | |
| permissions: | |
| actions: read # detection of GitHub Actions environment | |
| checks: none | |
| contents: read | |
| deployments: none | |
| id-token: none | |
| issues: none | |
| packages: none | |
| pages: none | |
| pull-requests: none | |
| repository-projects: none | |
| security-events: none | |
| statuses: none | |
| # cancel in progress when a new run starts | |
| concurrency: | |
| group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
| cancel-in-progress: true | |
| env: | |
| CID_WORKFLOW: main | |
| CID_VERSION: latest | |
| CID_LOGLEVEL: ${{ github.event.inputs.loglevel || 'info' }} | |
| # allowed modes are 'block' and 'audit'. Using https://github.com/step-security/harden-runner to harden the runner. | |
| EGRESS_POLICY: block | |
| # allowed endpoints for egress traffic if egress-policy is set to 'block'. | |
| EGRESS_POLICY_ALLOWED_ENDPOINTS: >- | |
| api.github.com:443 | |
| cdn01.quay.io:443 | |
| cdn02.quay.io:443 | |
| cdn03.quay.io:443 | |
| codeload.github.com:443 | |
| downloads.gradle.org:443 | |
| github.com:443 | |
| jcenter.bintray.com:443 | |
| kotlinlang.org:443 | |
| objects.githubusercontent.com:443 | |
| plugins-artifacts.gradle.org:443 | |
| plugins.gradle.org:443 | |
| quay.io:443 | |
| raw.githubusercontent.com:443 | |
| repo.maven.apache.org:443 | |
| repo1.maven.org:443 | |
| services.gradle.org:443 | |
| uploads.github.com:443 | |
| EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD: "" | |
| EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST: "" | |
| EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN: >- | |
| api.sonarcloud.io:443 | |
| scanner.sonarcloud.io:443 | |
| semgrep.dev:443 | |
| sonarcloud.io:443 | |
| EGRESS_POLICY_ALLOWED_ENDPOINTS_PACKAGE: "" | |
| EGRESS_POLICY_ALLOWED_ENDPOINTS_PUBLISH: >- | |
| maven.pkg.github.com | |
| oss.sonatype.org:443 | |
| s01.oss.sonatype.org:443 | |
| # jobs | |
| jobs: | |
| # info | |
| info: | |
| name: Info | |
| runs-on: ubuntu-22.04 # https://github.com/actions/runner-images | |
| timeout-minutes: 30 | |
| if: ${{ github.event.inputs.loglevel == 'debug' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-telemetry: true | |
| disable-sudo: true | |
| egress-policy: ${{ env.EGRESS_POLICY }} | |
| allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} | |
| - name: prepare environment | |
| uses: cidverse/ghact-cid-setup@31e7177a4d98b05a05b4671f70df0ed199bfb9a1 # v0.1.0 | |
| with: | |
| version: ${{ env.CID_VERSION }} | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: info | |
| env: | |
| CID_LOGLEVEL: ${{ env.CID_LOGLEVEL }} | |
| run: | | |
| echo "> project modules" | |
| cid --log-level=${CID_LOGLEVEL:-info} module ls | |
| echo "> catalog" | |
| cid --log-level=${CID_LOGLEVEL:-info} catalog list | |
| echo "> workflows" | |
| cid --log-level=${CID_LOGLEVEL:-info} workflow ls | |
| # build | |
| build: | |
| name: Build | |
| runs-on: ubuntu-22.04 # https://github.com/actions/runner-images | |
| permissions: | |
| id-token: write # provenance signing | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-telemetry: true | |
| disable-sudo: true | |
| egress-policy: ${{ env.EGRESS_POLICY }} | |
| allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }} | |
| - name: prepare environment | |
| uses: cidverse/ghact-cid-setup@31e7177a4d98b05a05b4671f70df0ed199bfb9a1 # v0.1.0 | |
| with: | |
| version: ${{ env.CID_VERSION }} | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: build | |
| env: | |
| CID_WORKFLOW: ${{ env.CID_WORKFLOW }} | |
| CID_LOGLEVEL: ${{ env.CID_LOGLEVEL }} | |
| run: | | |
| cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage build | |
| - name: upload artifacts | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: build-${{ github.run_id }} | |
| path: .dist | |
| retention-days: 1 | |
| if-no-files-found: ignore | |
| # test | |
| test: | |
| name: Test | |
| runs-on: ubuntu-22.04 # https://github.com/actions/runner-images | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-telemetry: true | |
| disable-sudo: true | |
| egress-policy: ${{ env.EGRESS_POLICY }} | |
| allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }} | |
| - name: prepare environment | |
| uses: cidverse/ghact-cid-setup@31e7177a4d98b05a05b4671f70df0ed199bfb9a1 # v0.1.0 | |
| with: | |
| version: ${{ env.CID_VERSION }} | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: test | |
| env: | |
| CID_WORKFLOW: ${{ env.CID_WORKFLOW }} | |
| CID_LOGLEVEL: ${{ env.CID_LOGLEVEL }} | |
| run: | | |
| cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage test | |
| - name: upload artifacts | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: test-${{ github.run_id }} | |
| path: .dist | |
| retention-days: 1 | |
| if-no-files-found: ignore | |
| # scan | |
| scan: | |
| name: Scan | |
| runs-on: ubuntu-22.04 # https://github.com/actions/runner-images | |
| needs: [build, test] | |
| permissions: | |
| security-events: write | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-telemetry: true | |
| disable-sudo: true | |
| egress-policy: ${{ env.EGRESS_POLICY }} | |
| allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }} | |
| - name: prepare environment | |
| uses: cidverse/ghact-cid-setup@31e7177a4d98b05a05b4671f70df0ed199bfb9a1 # v0.1.0 | |
| with: | |
| version: ${{ env.CID_VERSION }} | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: download artifacts > build | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: build-${{ github.run_id }} | |
| path: .dist | |
| continue-on-error: true | |
| - name: download artifacts > test | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: test-${{ github.run_id }} | |
| path: .dist | |
| continue-on-error: true | |
| - name: scan | |
| env: | |
| CID_WORKFLOW: ${{ env.CID_WORKFLOW }} | |
| CID_LOGLEVEL: ${{ env.CID_LOGLEVEL }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }} | |
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} | |
| run: | | |
| cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage scan | |
| # package | |
| package: | |
| name: Package | |
| runs-on: ubuntu-22.04 # https://github.com/actions/runner-images | |
| needs: [build] | |
| permissions: | |
| id-token: write # provenance signing | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-telemetry: true | |
| disable-sudo: true | |
| egress-policy: ${{ env.EGRESS_POLICY }} | |
| allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PACKAGE }} | |
| - name: prepare environment | |
| uses: cidverse/ghact-cid-setup@31e7177a4d98b05a05b4671f70df0ed199bfb9a1 # v0.1.0 | |
| with: | |
| version: ${{ env.CID_VERSION }} | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: download artifacts > build | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: build-${{ github.run_id }} | |
| path: .dist | |
| continue-on-error: true | |
| - name: package | |
| env: | |
| CID_WORKFLOW: ${{ env.CID_WORKFLOW }} | |
| CID_LOGLEVEL: ${{ env.CID_LOGLEVEL }} | |
| run: | | |
| cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage package | |
| - name: upload artifacts | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
| with: | |
| name: package-${{ github.run_id }} | |
| path: .dist | |
| retention-days: 1 | |
| if-no-files-found: ignore | |
| # publish | |
| publish: | |
| name: Publish | |
| runs-on: ubuntu-22.04 # https://github.com/actions/runner-images | |
| needs: [package, scan] | |
| permissions: | |
| # create release | |
| contents: write | |
| # publish packages | |
| packages: write | |
| if: startsWith(github.ref, 'refs/pull/') == false | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-telemetry: true | |
| disable-sudo: true | |
| egress-policy: ${{ env.EGRESS_POLICY }} | |
| allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PUBLISH }} | |
| - name: prepare environment | |
| uses: cidverse/ghact-cid-setup@31e7177a4d98b05a05b4671f70df0ed199bfb9a1 # v0.1.0 | |
| with: | |
| version: ${{ env.CID_VERSION }} | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: download artifacts > package | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: package-${{ github.run_id }} | |
| path: .dist | |
| continue-on-error: true | |
| - name: publish | |
| env: | |
| CID_WORKFLOW: ${{ env.CID_WORKFLOW }} | |
| CID_LOGLEVEL: ${{ env.CID_LOGLEVEL }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MAVEN_REPO_URL: ${{ secrets.MAVEN_REPO_URL }} | |
| MAVEN_REPO_USERNAME: ${{ secrets.MAVEN_REPO_USERNAME }} | |
| MAVEN_REPO_PASSWORD: ${{ secrets.MAVEN_REPO_PASSWORD }} | |
| MAVEN_GPG_SIGN_PRIVATEKEY: ${{ secrets.MAVEN_GPG_SIGN_PRIVATEKEY }} | |
| MAVEN_GPG_SIGN_PASSWORD: ${{ secrets.MAVEN_GPG_SIGN_PASSWORD }} | |
| MAVEN_GPG_SIGN_KEYID: ${{ secrets.MAVEN_GPG_SIGN_KEYID }} | |
| run: | | |
| cid --log-level=${CID_LOGLEVEL:-info} workflow run "$CID_WORKFLOW" --stage publish |