Skip to content

Adds SECURITY.md and scanning workflow #267

Adds SECURITY.md and scanning workflow

Adds SECURITY.md and scanning workflow #267

Workflow file for this run

---
name: test
# We don't test documentation-only commits.
on: # yamllint disable-line rule:truthy
push: # non-tagged pushes to master
branches:
- master
tags-ignore:
- '*'
paths-ignore:
- '**/*.md'
- './build-bin/*lint'
- ./build-bin/mlc_config.json
pull_request: # pull requests targeted at the master branch.
branches:
- master
paths-ignore:
- '**/*.md'
- './build-bin/*lint'
- ./build-bin/mlc_config.json
jobs:
test:
name: test (JDK ${{ matrix.java_version }})
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish
# skip commits made by the release plugin
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
strategy:
fail-fast: false # don't fail fast as some failures are LTS specific
matrix: # match with maven-enforcer-plugin rules in pom.xml
include:
- java_version: '11' # last that can compile the 1.6 release profile
maven_args: -Prelease -Dgpg.skip
- java_version: '21' # Most recent LTS
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup java
uses: actions/setup-java@v4
with:
distribution: 'zulu' # zulu as it supports a wide version range
java-version: ${{ matrix.java_version }}
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
# yamllint disable-line rule:line-length
key: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven-
# Don't attempt to cache Docker. Sensitive information can be stolen
# via forks, and login session ends up in ~/.docker. This is ok because
# we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner.
- name: Test
run: build-bin/configure_test && build-bin/test ${{ matrix.maven_args }}