Bump github/codeql-action from 2.22.1 to 2.22.5 #277
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle | |
name: Build | |
on: | |
push: | |
branches: [ main ] | |
tags: [ "v*.*.*" ] | |
pull_request: | |
branches: [ main ] | |
schedule: | |
- cron: "39 5 1,15 * *" | |
workflow_dispatch: | |
inputs: | |
publish_artifacts: | |
description: "Publish snapshot artifacts: true or false?" | |
default: "true" | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1.1.0 | |
- name: Fetch version history | |
# Do NOT want to fetch all tags if building a specific tag. | |
# Doing so could result in code published with wrong version, if newer tags have been pushed | |
if: (!startsWith(github.ref, 'refs/tags/')) | |
run: git fetch --tag --unshallow | |
- name: Set up JDK | |
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 | |
with: | |
gradle-home-cache-cleanup: true | |
- name: Build | |
env: | |
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
run: ./gradlew build coveralls | |
- name: Publish | |
if: github.event_name == 'push' || github.event.inputs.publish_artifacts == 'true' | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }} | |
ORG_GRADLE_PROJECT_SONA_USERNAME: ${{ secrets.SONA_USERNAME }} | |
ORG_GRADLE_PROJECT_SONA_PASSWORD: ${{ secrets.SONA_PASSWORD }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
./gradlew cV | |
./gradlew publish closeAndReleaseStagingRepository | |
- name: Publish to Gradle Plugins Portal | |
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha') | |
env: | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGKEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.ORG_GRADLE_PROJECT_SIGNINGPASSWORD }} | |
GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }} | |
GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }} | |
run: | | |
./gradlew -Dgradle.publish.key="$GRADLE_PUBLISH_KEY" -Dgradle.publish.secret="$GRADLE_PUBLISH_SECRET" publishPlugins | |
create-gh-release: | |
if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '-alpha') | |
needs: build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.0 | |
- name: Create GitHut Release | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
with: | |
generate_release_notes: true |