WIP #2721
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and verify | |
on: | |
pull_request: | |
push: | |
branches: | |
permissions: | |
contents: read | |
jobs: | |
build: | |
strategy: | |
matrix: | |
os: [ ubuntu-24.04 ] | |
jdk: [ 17.0.13, 21.0.5, 23.0.1 ] | |
distribution: [ temurin ] | |
experimental: [ false ] | |
include: | |
- os: macos-15 | |
jdk: 17.0.13 | |
distribution: temurin | |
experimental: false | |
- os: windows-2025 | |
jdk: 17.0.13 | |
distribution: temurin | |
experimental: false | |
runs-on: ${{ matrix.os }} | |
continue-on-error: ${{ matrix.experimental }} | |
steps: | |
- name: Install Harden-Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.adoptium.net:443 | |
github.com:443 | |
github-registry-files.githubusercontent.com:443 | |
jitpack.io:443 | |
maven.pkg.github.com:443 | |
objects.githubusercontent.com:443 | |
repo.maven.apache.org:443 | |
# We run the build twice for each supported JDK: once against the | |
# original Error Prone release, using only Error Prone checks available | |
# on Maven Central, and once against the Picnic Error Prone fork, | |
# additionally enabling all checks defined in this project and any Error | |
# Prone checks available only from other artifact repositories. | |
- name: Check out code and set up JDK and Maven | |
uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0 | |
with: | |
java-version: ${{ matrix.jdk }} | |
java-distribution: ${{ matrix.distribution }} | |
maven-version: 3.9.9 | |
- name: Display build environment details | |
run: mvn --version | |
- name: Build project against vanilla Error Prone, compile Javadoc | |
run: mvn -T1C install javadoc:jar -P non-maven-central -s settings.xml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Remove installed project artifacts | |
run: mvn dependency:purge-local-repository -DmanualInclude='${project.groupId}' -DresolutionFuzziness=groupId | |
# XXX: Enable Codecov once we "go public". |