Bump github/codeql-action from 3.27.6 to 3.27.8 #988
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- release/** | |
- develop | |
- feature/** | |
pull_request: | |
types: [opened, synchronize, reopened] | |
branches: | |
- release/** | |
- develop | |
- feature/** | |
merge_group: | |
workflow_dispatch: | |
inputs: | |
linkcheck_fail_on_error: | |
description: 'a boolean flag that determines if bad links found by the link checker fail fast and stop a complete build' | |
required: false | |
default: true | |
type: boolean | |
linkcheck_create_issue: | |
description: 'create new GitHub issue if broken links found' | |
required: false | |
default: false | |
type: boolean | |
name: Build and Test | |
env: | |
INPUT_FAIL_ON_ERROR: ${{ github.event.inputs.linkcheck_fail_on_error || 'true' }} | |
INPUT_ISSUE_ON_ERROR: ${{ github.event.inputs.linkcheck_create_issue || 'false' }} | |
MAVEN_VERSION: 3.9.8 | |
JAVA_DISTRO: 'temurin' | |
JAVA_VERSION_FILE: .java-version | |
# Post Maven artifacts to the artifact repo if the branch is 'develop' or 'release/*'. This avoids publishing artifacts for pull requests | |
COMMIT_MAVEN_ARTIFACTS: ${{ (github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) && github.repository_owner == 'metaschema-framework' }} | |
# Upload CodeQL results if the branch is 'develop' or 'release/*' or a pull request targeting these branches. | |
UPLOAD_CODEQL: ${{ ((github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) || (github.event_name == 'pull_request' && (github.base_ref == 'refs/heads/develop' || startsWith(github.base_ref, 'refs/heads/release/')))) && 'always' || 'never' }} | |
jobs: | |
build-code: | |
name: Code | |
runs-on: ubuntu-20.04 | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
submodules: recursive | |
filter: tree:0 | |
- name: Checkout maven2 branch | |
if: env.COMMIT_MAVEN_ARTIFACTS == 'true' | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
path: maven2 | |
ref: main | |
repository: metaschema-framework/maven2 | |
token: ${{ secrets.ACCESS_TOKEN }} | |
fetch-depth: 2 | |
persist-credentials: true | |
# ------------------------- | |
# Java Environment Setup | |
# ------------------------- | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 | |
with: | |
maven-version: ${{ env.MAVEN_VERSION }} | |
- name: Set up JDK | |
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b | |
with: | |
java-version-file: ${{ env.JAVA_VERSION_FILE }} | |
distribution: ${{ env.JAVA_DISTRO }} | |
cache: 'maven' | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@8a93837afdf1873301a68d777844b43e98cd4313 | |
with: | |
languages: java | |
# ------------------------- | |
# Maven Build | |
# ------------------------- | |
- name: Build and Test Code | |
run: | | |
mvn -B -e -Prelease -Psnapshots -DaltDeploymentRepository=repo-snapshot::file://${GITHUB_WORKSPACE}/maven2/ -DaltSnapshotDeploymentRepository=repo-snapshot::file://${GITHUB_WORKSPACE}/maven2/ -DrepositoryId=repo-snapshot deploy | |
- name: Deploy Artifacts | |
if: env.COMMIT_MAVEN_ARTIFACTS == 'true' | |
run: | | |
MVN_COORDS=$(echo '${project.groupId}:${project.artifactId}:${project.version}' | mvn -N -q -DforceStdout help:evaluate) | |
cd maven2 | |
echo "Configuring git identity" | |
git config user.name "GitHub Action" | |
git config user.email "[email protected]" | |
echo "Comitting artifacts" | |
git add -A | |
git commit -m "[CI SKIP] Deploying artifacts for $MVN_COORDS." | |
echo "Syncing with latest" | |
git pull -r -s ours | |
echo "Pushing changes" | |
git push --force-with-lease | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@8a93837afdf1873301a68d777844b43e98cd4313 | |
with: | |
upload: ${{ env.UPLOAD_CODEQL }} | |
build-website: | |
name: Website | |
runs-on: ubuntu-20.04 | |
permissions: | |
actions: read | |
contents: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
submodules: recursive | |
filter: tree:0 | |
# ------------------------- | |
# Java Environment Setup | |
# ------------------------- | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 | |
with: | |
maven-version: ${{ env.MAVEN_VERSION }} | |
- name: Set up JDK | |
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b | |
with: | |
java-version-file: ${{ env.JAVA_VERSION_FILE }} | |
distribution: ${{ env.JAVA_DISTRO }} | |
cache: 'maven' | |
# ------------------------- | |
# Maven Build | |
# ------------------------- | |
- name: Build and Test Website | |
run: | | |
mvn -B -e -PCI -Prelease install site site:stage -Dmaven.test.skip=true | |
- name: Zip Artifacts for Upload | |
run: | | |
zip ${{ runner.temp }}/website.zip -r target/staging | |
- name: Upload generated site | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
with: | |
name: website | |
path: | | |
${{ runner.temp }}/website.zip | |
retention-days: 5 | |
- id: linkchecker | |
name: Link Checker | |
uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 | |
with: | |
args: --verbose --no-progress --accept 200,206,429 './target/staging/**/*.html' --remap "https://github.com/metaschema-framework/metaschema-java/tree/main/ file://${GITHUB_WORKSPACE}/" --remap "https://metaschema-java.metaschema.dev/ file://${GITHUB_WORKSPACE}/target/staging/" --exclude-mail | |
format: markdown | |
output: html-link-report.md | |
debug: true | |
fail: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
continue-on-error: true | |
- name: Upload link check report | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
with: | |
name: html-link-report | |
path: html-link-report.md | |
retention-days: 5 | |
- name: Create issue if bad links detected | |
if: ${{ !cancelled() && env.lychee_exit_code != 0 && env.INPUT_ISSUE_ON_ERROR == 'true' }} | |
uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd | |
with: | |
title: Scheduled Check of Website Content Found Bad Hyperlinks | |
content-filepath: ./lychee/out.md | |
labels: | | |
bug | |
documentation | |
- name: Fail on link check error | |
if: ${{ !cancelled() && env.lychee_exit_code != 0 && env.INPUT_FAIL_ON_ERROR == 'true' }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
with: | |
script: | | |
core.setFailed('Link checker detected broken or invalid links, read attached report.') |