Skip to content

Bump github/codeql-action from 3.27.1 to 3.27.4 #571

Bump github/codeql-action from 3.27.1 to 3.27.4

Bump github/codeql-action from 3.27.1 to 3.27.4 #571

Workflow file for this run

# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
name: Build
on:
push:
branches: [ main ]
tags: [ "v*.*.*" ]
pull_request:
branches: [ main ]
schedule:
- cron: "39 5 1,15 * *"
workflow_dispatch:
inputs:
publish_artifacts:
description: "Publish snapshot artifacts: true or false?"
default: "true"
permissions:
contents: read
jobs:
build:
permissions:
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0
- name: Fetch version history
# Do NOT want to fetch all tags if building a specific tag.
# Doing so could result in code published with wrong version, if newer tags have been pushed
if: (!startsWith(github.ref, 'refs/tags/'))
run: git fetch --tag --unshallow
- name: Set up JDK
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
java-version: '17'
distribution: 'adopt'
- name: Setup Gradle
uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
with:
gradle-home-cache-cleanup: true
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
- name: Build
run: ./gradlew check coveralls
- name: Publish
if: github.event_name == 'push' || github.event.inputs.publish_artifacts == 'true'
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }}
ORG_GRADLE_PROJECT_SONA_USERNAME: ${{ secrets.SONA_USERNAME }}
ORG_GRADLE_PROJECT_SONA_PASSWORD: ${{ secrets.SONA_PASSWORD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./gradlew cV
./gradlew publish closeSonatypeStagingRepository # note: release promotion disabled as this is just a release test env.
- name: Publish to Gradle Plugins Portal
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha')
env:
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }}
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
run: |
./gradlew -Dgradle.publish.key="$GRADLE_PUBLISH_KEY" -Dgradle.publish.secret="$GRADLE_PUBLISH_SECRET" publishPlugins
create-gh-release:
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha')
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.0
- name: Create GitHut Release
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v0.1.15
with:
generate_release_notes: true