chore(deps): update dependency commons-codec:commons-codec to v1.17.2 #836
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
analyse: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build and upload Trivy vulnerability report | |
if: github.ref_name == 'main' | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
severity: 'CRITICAL,HIGH' | |
exit-code: '0' | |
- name: Upload Trivy scan results to GitHub Security tab | |
if: github.ref_name == 'main' | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
exit-code: '1' | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
cache: maven | |
- name: Test with Maven | |
run: | | |
mvn clean test | |
release: | |
runs-on: ubuntu-latest | |
if: github.ref_name == 'main' | |
needs: | |
- test | |
- analyse | |
steps: | |
- uses: actions/checkout@v4 | |
# Create a new release based on semantic versioning | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 21 | |
- name: Install Dependencies | |
run: | | |
npm install -g \ | |
semantic-release \ | |
@semantic-release/git \ | |
@semantic-release/gitlab \ | |
@semantic-release/changelog \ | |
@semantic-release/exec \ | |
@semantic-release/commit-analyzer | |
- name: Generate Semantic Release Notes and Create Release | |
if: github.ref == 'refs/heads/main' | |
env: | |
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
run: npx semantic-release | |
publish: | |
runs-on: ubuntu-latest | |
if: github.ref_name == 'main' | |
needs: release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set latest version to environment | |
if: github.ref == 'refs/heads/main' | |
shell: bash | |
run: | | |
REPO="RouHim/discoverj" | |
LATEST_RELEASE_VERSION=$(curl --silent "https://api.github.com/repos/$REPO/releases/latest" | jq -r ".tag_name") | |
echo "Latest release is $LATEST_RELEASE_VERSION" | |
echo "VERSION=$LATEST_RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
cache: maven | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
registry-url: 'https://registry.npmjs.org' | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Set up Git Config | |
run: | | |
git config user.name "GitHub Actions Bot" | |
git config user.email "<>" | |
- name: Build jar with Maven | |
run: | | |
mvn versions:set -DnewVersion=${{ env.VERSION }} | |
mvn clean package -q -DskipTests | |
# Revert pom file changes to have a clean working copy | |
git stash | |
- name: Publish with jDeploy | |
run: | | |
npm version ${{ env.VERSION }} | |
npx jdeploy publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |