Skip to content

Bump github/codeql-action from 2.3.4 to 3.23.1 #229

Bump github/codeql-action from 2.3.4 to 3.23.1

Bump github/codeql-action from 2.3.4 to 3.23.1 #229

Workflow file for this run

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: build
on:
push:
branches:
- main
pull_request:
env:
# Maven JVM arguments
MAVEN_OPTS: -XX:InitialRAMPercentage=50.0
# Common Maven arguments since Maven 3.9.0
MAVEN_ARGS: --show-version --batch-mode --errors --no-transfer-progress
permissions: read-all
jobs:
build:
runs-on: ${{ matrix.os }}
# Based on: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
steps:
- name: Checkout repository
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # 3.2.0
with:
fetch-depth: 32
- name: Setup JDK 11
uses: actions/setup-java@3f07048e3d294f56e9b90ac5ea2c6f74e9ad0f98 # 3.9.0
with:
distribution: temurin
java-version: 11
cache: maven
# We could have used `verify`, but `clean install` is required for the following:
# 1. The build reproducibility report
# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
# 2. `javadoc:javadoc-no-fork`, which is attached to the `site` goal
- name: Build
timeout-minutes: 60
shell: bash
run: ./mvnw clean install
# `clean verify artifact:compare` is required to generate the build reproducibility report.
# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- name: Report build reproducibility
id: report-reproducible
timeout-minutes: 10
shell: bash
run: |
./mvnw \
-DskipTests=true \
clean package artifact:compare
- name: Upload reproducibility failure context artifacts
if: failure()
uses: actions/upload-artifact@v3 # 3.1.2
with:
name: reproducibility-failure-context-${{matrix.os}}
path: |
**/target/*.buildcompare
**/target/*.jar
**/target/reference/*.jar
- name: Build site
timeout-minutes: 10
shell: bash
run: ./mvnw site
merge:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
needs: build
permissions:
contents: write
pull-requests: write
steps:
- name: "[dependabot] Auto-merge the PR"
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy:
runs-on: ubuntu-latest
needs: build
if: github.repository == 'apache/logging-log4j2' && github.ref == 'refs/heads/master'
steps:
- name: Checkout repository
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # 3.2.0
with:
fetch-depth: 32
- name: Setup JDK 11
uses: actions/setup-java@3f07048e3d294f56e9b90ac5ea2c6f74e9ad0f98 # 3.9.0
with:
distribution: temurin
java-version: 11
cache: maven
- name: Inspect project version
run: |
echo ::set-output name=version::$(./mvnw \
-q -Dexec.executable=echo \
-Dexec.args='${project.version}' --non-recursive exec:exec)
id: get_version
- name: Deploy artifacts
# Do not deploy release versions
if: ${{ endsWith(steps.get_version.outputs.version, '-SNAPSHOT') }}
timeout-minutes: 15
shell: bash
# `package install:install deploy:deploy` goal is needed to deploy without configuring the plugin in the POM.
# For details, see: https://maven.apache.org/plugins/maven-gpg-plugin/examples/deploy-signed-artifacts.html
run: |
./mvnw \
--settings .github/workflows/maven-settings.xml \
-Dgpg.skip=true \
-DskipTests=true \
package install:install deploy:deploy
env:
NEXUS_USER: ${{ secrets.NEXUS_USER }}
NEXUS_PW: ${{ secrets.NEXUS_PW }}