chore(deps): update github/codeql-action action to v3.28.9 - abandoned #433
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # SPDX-FileCopyrightText: 2024 INFO.nl | |
| # SPDX-License-Identifier: EUPL-1.2+ | |
| # | |
| name: Build and Publish | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| JAVA_VERSION: '21' | |
| permissions: | |
| contents: write | |
| packages: write | |
| checks: write | |
| pull-requests: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup JDK | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 | |
| - name: Validate Gradle wrapper | |
| uses: gradle/actions/wrapper-validation@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 | |
| - name: Gradle build with unit tests | |
| # Use --write-locks to support dependency updates from Dependabot PRs | |
| run: ./gradlew build --write-locks --info | |
| - name: Upload coverage reports to Codecov | |
| uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| dependabot-auto-merge: | |
| needs: [build] | |
| runs-on: ubuntu-24.04 | |
| if: github.actor == 'dependabot[bot]' | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| steps: | |
| - uses: fastify/github-action-merge-dependabot@c3bde0759d4f24db16f7b250b2122bc2df57e817 # v3.11.0 | |
| with: | |
| # Our Dependabot PRs are not merged automatically because an automatically merged PR | |
| # does not trigger our push workflow (and so no release would be made). | |
| # see: https://github.com/fastify/github-action-merge-dependabot/issues/134 | |
| approve-only: true | |
| target: minor | |
| next-version: | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.get-version.outputs.replaced }} | |
| tag: ${{ steps.get-tag.outputs.new_tag }} | |
| steps: | |
| # Checkout the repository including tags | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| # Determine the next semantic version based on the commit message tags | |
| - name: Get next tag | |
| id: get-tag | |
| uses: anothrNick/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PRERELEASE: false | |
| DEFAULT_BUMP: patch | |
| WITH_V: true | |
| RELEASE_BRANCHES: main | |
| - name: Get next version | |
| id: get-version | |
| uses: frabert/replace-string-action@b6828c5a4cb6371753ff873b0d1c4c4fbd9a63cb # v2.5 | |
| with: | |
| pattern: 'v(.*)' | |
| string: ${{ steps.get-tag.outputs.new_tag }} | |
| replace-with: '$1' | |
| - name: Print new tag and version | |
| run: | | |
| echo "Next version: ${{ steps.get-version.outputs.replaced }}" | |
| echo "Next version tag: ${{ steps.get-tag.outputs.new_tag }}" | |
| publish: | |
| needs: [build, next-version] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup JDK | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0 | |
| - name: Create a new release | |
| run: ./gradlew release | |
| - name: Publish to Sonatype Nexus OSS | |
| env: | |
| ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USER_TOKEN_USERNAME }} | |
| ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_USER_TOKEN_PASSWORD }} | |
| ORG_GRADLE_PROJECT_signingKey: ${{ secrets.PGP_SECRET }} | |
| ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.PGP_PASSPHRASE }} | |
| run: ./gradlew publishToSonatype closeAndReleaseStagingRepository --no-daemon | |
| create-release: | |
| needs: [next-version, publish] | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| env: | |
| NEXT_VERSION: ${{ needs.next-version.outputs.version }} | |
| NEXT_VERSION_TAG: ${{ needs.next-version.outputs.tag }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create or update GitHub release | |
| uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ env.NEXT_VERSION_TAG }} | |
| name: ${{ env.APPLICATION_NAME }} ${{ env.NEXT_VERSION }} | |
| draft: false | |
| prerelease: false | |
| allowUpdates: true | |
| makeLatest: true | |
| generateReleaseNotes: true |