fix: exclude deprecations from Yarn Berry audit results #32
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Pull Request | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - '*.md' # Ignore only in root; we generally want to run build for `site/` changes | |
| - '**/README.md' # Ignore all READMEs | |
| - '.github/**/*.md' # Ignore github config | |
| permissions: {} | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc | |
| jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using | |
| fail-fast: false | |
| name: Build and Test (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }}) | |
| permissions: | |
| security-events: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Check ODC Data Cache | |
| id: odc-data-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: core/target/data | |
| key: odc-data | |
| - uses: actions/[email protected] | |
| with: | |
| dotnet-version: '8.0.x' | |
| - name: Set up JDKs | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: | # last version takes precedence as default | |
| ${{ matrix.jdk_test_version }} | |
| ${{ matrix.jdk_default_version }} | |
| distribution: 'zulu' | |
| check-latest: true | |
| cache: 'maven' | |
| cache-dependency-path: '**/pom.xml' | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| with: | |
| version: 6.0.2 | |
| - name: Build/Test with Maven | |
| id: build | |
| run: > | |
| mvn -V -s settings.xml -pl '!maven' -am | |
| clean verify | |
| -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64" | |
| ${{ matrix.jdk_test_version == matrix.jdk_default_version && 'source:jar javadoc:jar site' || '' }} | |
| --no-transfer-progress --batch-mode -Dstyle.color=always | |
| - name: SARIF Multitool | |
| uses: microsoft/[email protected] | |
| with: | |
| # Command to be sent to SARIF Multitool | |
| command: 'validate core/target/test-reports/Report.sarif' | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: utils/target/spotbugsSarif.json | |
| category: spotbugs-utils | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: cli/target/spotbugsSarif.json | |
| category: spotbugs-cli | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: ant/target/spotbugsSarif.json | |
| category: spotbugs-ant | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: core/target/spotbugsSarif.json | |
| category: spotbugs-core | |
| - name: Archive Snapshot | |
| if: matrix.jdk_test_version == matrix.jdk_default_version | |
| id: archive-snapshot | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: archive-snapshot | |
| retention-days: 1 | |
| path: | | |
| **/target/*.asc | |
| **/target/*.jar | |
| **/target/*.pom | |
| ant/target/*.zip | |
| cli/target/*.zip | |
| maven: | |
| strategy: | |
| matrix: | |
| jdk_default_version: [ '25' ] # Single JDK version to run Maven with and use for compilation etc | |
| jdk_test_version: [ '11', '17', '21', '25' ] # JDK version to run surefire/failsafe tests using | |
| fail-fast: false | |
| name: Regression Test Maven Plugin (JDK ${{ matrix.jdk_test_version }}${{ matrix.jdk_test_version == matrix.jdk_default_version && ' - Default' || '' }}) | |
| permissions: | |
| security-events: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Maven Integration Test Cache | |
| id: maven-it-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: maven/target/local-repo | |
| key: mvn-it-repo | |
| - name: Check ODC Data Cache | |
| id: odc-data-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: core/target/data | |
| key: odc-data | |
| - uses: actions/[email protected] | |
| with: | |
| dotnet-version: '8.0.x' | |
| - name: Set up JDKs | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: | # last version takes precedence as default | |
| ${{ matrix.jdk_test_version }} | |
| ${{ matrix.jdk_default_version }} | |
| distribution: 'zulu' | |
| check-latest: true | |
| cache: 'maven' | |
| cache-dependency-path: '**/pom.xml' | |
| - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 | |
| with: | |
| version: 6.0.2 | |
| - name: Regression Test Maven Plugin | |
| id: build | |
| env: | |
| NVD_API_KEY: ${{ secrets.NVD_API_KEY }} | |
| run: > | |
| mvn -V -s settings.xml -pl maven -am | |
| clean verify -DskipTests=true -PFullIntegrationTesting | |
| -Dtoolchain.jdk.test.version=${{ matrix.jdk_test_version }} -Dtoolchain.jdk.test.home="$JAVA_HOME_${{ matrix.jdk_test_version }}_X64" | |
| --no-transfer-progress --batch-mode -Dstyle.color=always | |
| - name: Archive IT test logs | |
| id: archive-logs | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: it-test-logs-jdk-${{ matrix.jdk_test_version }} | |
| retention-days: 7 | |
| path: maven/target/it/**/build.log | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: maven/target/spotbugsSarif.json | |
| category: spotbugs-maven | |
| checkstyle: | |
| name: Checkstyle Validation | |
| permissions: | |
| security-events: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '25' | |
| distribution: 'zulu' | |
| check-latest: true | |
| cache: 'maven' | |
| cache-dependency-path: '**/pom.xml' | |
| - name: Checkstyle | |
| id: checkstyle | |
| run: | | |
| mvn -V -s settings.xml checkstyle:checkstyle-aggregate --no-transfer-progress --batch-mode -Dstyle.color=always | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: target/checkstyle-result.sarif | |
| category: checkstyle | |
| docker: | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| name: Build and Test Docker | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: '25' | |
| distribution: 'zulu' | |
| check-latest: true | |
| cache: 'maven' | |
| cache-dependency-path: '**/pom.xml' | |
| - name: Download release build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: archive-snapshot | |
| - name: Set up Docker | |
| uses: docker/setup-docker-action@v5 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Build Docker Image | |
| run: ./docker-build.sh | |
| - name: build scan target | |
| run: > | |
| mvn -V -s settings.xml -pl cli -am | |
| package -DskipTests=true | |
| --no-transfer-progress --batch-mode -Dstyle.color=always | |
| - name: Test Docker Image | |
| run: ./docker-test.sh |