Skip to content

Bump github/codeql-action from 3.27.7 to 3.27.9 #240

Bump github/codeql-action from 3.27.7 to 3.27.9

Bump github/codeql-action from 3.27.7 to 3.27.9 #240

Workflow file for this run

on:
push:
branches:
- release/**
- develop
- feature/**
pull_request:
types: [opened, synchronize, reopened]
branches:
- release/**
- develop
- feature/**
merge_group:
workflow_dispatch:
inputs:
linkcheck_fail_on_error:
description: 'a boolean flag that determines if bad links found by the link checker fail fast and stop a complete build'
required: false
default: true
type: boolean
linkcheck_create_issue:
description: 'create new GitHub issue if broken links found'
required: false
default: false
type: boolean
name: Build and Test
env:
INPUT_FAIL_ON_ERROR: ${{ github.event.inputs.linkcheck_fail_on_error || 'true' }}
INPUT_ISSUE_ON_ERROR: ${{ github.event.inputs.linkcheck_create_issue || 'false' }}
MAVEN_VERSION: 3.9.8
JAVA_DISTRO: 'temurin'
JAVA_VERSION_FILE: .java-version
# Post Maven artifacts to the artifact repo if the branch is 'develop' or 'release/*'. This avoids publishing artifacts for pull requests
COMMIT_MAVEN_ARTIFACTS: ${{ (github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) && github.repository_owner == 'metaschema-framework' }}
# Upload CodeQL results if the branch is 'develop' or 'release/*' or a pull request targeting these branches.
UPLOAD_CODEQL: ${{ ((github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) || (github.event_name == 'pull_request' && (github.base_ref == 'refs/heads/develop' || startsWith(github.base_ref, 'refs/heads/release/')))) && 'always' || 'never' }}
jobs:
build-code:
name: Code
runs-on: ubuntu-20.04
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive
filter: tree:0
- name: Checkout maven2 branch
if: env.COMMIT_MAVEN_ARTIFACTS == 'true'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
path: maven2
ref: main
repository: metaschema-framework/maven2
token: ${{ secrets.ACCESS_TOKEN }}
fetch-depth: 2
persist-credentials: true
# -------------------------
# Java Environment Setup
# -------------------------
- name: Set up Maven
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: Set up JDK
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
with:
java-version-file: ${{ env.JAVA_VERSION_FILE }}
distribution: ${{ env.JAVA_DISTRO }}
cache: 'maven'
- name: Initialize CodeQL
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae
with:
languages: java
# -------------------------
# Maven Build
# -------------------------
- name: Build and Test Code
run: |
mvn -B -e -Prelease -Psnapshots -DaltDeploymentRepository=repo-snapshot::file://${GITHUB_WORKSPACE}/maven2/ -DaltSnapshotDeploymentRepository=repo-snapshot::file://${GITHUB_WORKSPACE}/maven2/ -DrepositoryId=repo-snapshot deploy
- name: Deploy Artifacts
if: env.COMMIT_MAVEN_ARTIFACTS == 'true'
run: |
MVN_COORDS=$(echo '${project.groupId}:${project.artifactId}:${project.version}' | mvn -N -q -DforceStdout help:evaluate)
cd maven2
echo "Configuring git identity"
git config user.name "GitHub Action"
git config user.email "[email protected]"
echo "Comitting artifacts"
git add -A
git commit -m "[CI SKIP] Deploying artifacts for $MVN_COORDS."
echo "Syncing with latest"
git pull -r -s ours
echo "Pushing changes"
git push --force-with-lease
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae
with:
upload: ${{ env.UPLOAD_CODEQL }}
build-website:
name: Website
runs-on: ubuntu-20.04
permissions:
actions: read
contents: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive
filter: tree:0
# -------------------------
# Java Environment Setup
# -------------------------
- name: Set up Maven
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: Set up JDK
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b
with:
java-version-file: ${{ env.JAVA_VERSION_FILE }}
distribution: ${{ env.JAVA_DISTRO }}
cache: 'maven'
# -------------------------
# Maven Build
# -------------------------
- name: Build and Test Website
run: |
mvn -B -e -PCI -Prelease install site site:stage -Dmaven.test.skip=true
- name: Zip Artifacts for Upload
run: |
zip ${{ runner.temp }}/website.zip -r target/staging
- name: Upload generated site
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: website
path: |
${{ runner.temp }}/website.zip
retention-days: 5
- id: linkchecker
name: Link Checker
uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915
with:
args: --verbose --no-progress --accept 200,206,429 './target/staging/**/*.html' --remap "https://github.com/metaschema-framework/oscal-cli/tree/develop/ file://${GITHUB_WORKSPACE}/" --remap "https://oscal-cli.metaschema.dev/ file://${GITHUB_WORKSPACE}/target/staging/" --exclude-mail
format: markdown
output: html-link-report.md
debug: true
fail: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
continue-on-error: true
- name: Upload link check report
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: html-link-report
path: html-link-report.md
retention-days: 5
- name: Create issue if bad links detected
if: ${{ !cancelled() && env.lychee_exit_code != 0 && env.INPUT_ISSUE_ON_ERROR == 'true' }}
uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd
with:
title: Scheduled Check of Website Content Found Bad Hyperlinks
content-filepath: ./lychee/out.md
labels: |
bug
documentation
- name: Fail on link check error
if: ${{ !cancelled() && env.lychee_exit_code != 0 && env.INPUT_FAIL_ON_ERROR == 'true' }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
script: |
core.setFailed('Link checker detected broken or invalid links, read attached report.')