[NOID] More fixes for issues related to URLAccessChecker #1504
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ "dev" ] | |
pull_request: | |
branches: [ "dev" ] | |
env: | |
TEAMCITY_DEV_URL: ${{ secrets.TEAMCITY_DEV_URL }} | |
TEAMCITY_USER: ${{ secrets.TEAMCITY_USER }} | |
TEAMCITY_PASSWORD: ${{ secrets.TEAMCITY_PASSWORD }} | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
jobs: | |
compile: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Compile | |
run: ./gradlew compileJava compileTestJava | |
snyk-test: | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-snyk | |
- name: Snyk test dependencies | |
run: snyk test --all-projects --severity-threshold=medium --fail-on=all | |
snyk-monitor: | |
runs-on: ubuntu-latest | |
if: github.event_name != 'pull_request' | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-snyk | |
- name: Snyk monitor dependencies | |
run: snyk monitor --all-projects --target-reference=${GITHUB_REF} | |
code-ql: | |
runs-on: ubuntu-latest | |
needs: compile | |
# required by CodeQL | |
permissions: | |
security-events: write | |
actions: read | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: java | |
- name: Compile | |
run: ./gradlew compileJava compileTestJava | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
format-checks: | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Check all the files are properly formatted | |
run: ./gradlew spotlessApply | |
license-checks: | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/setup-jdk | |
- uses: ./.github/actions/setup-gradle-cache | |
- name: Check LICENSE and NOTICE files | |
run: ./gradlew validateLicenses generateLicensesFiles | |
tests: | |
strategy: | |
fail-fast: false | |
matrix: | |
project: ['common', 'core', 'processor', 'test-utils', 'it'] | |
java-version: ['17', '21'] | |
env: | |
DOCKER_ENTERPRISE_DEV_URL: ${{ secrets.DOCKER_ENTERPRISE_DEV_URL }} | |
DOCKER_COMMUNITY_DEV_URL: ${{ secrets.DOCKER_COMMUNITY_DEV_URL }} | |
ENTERPRISE_TAR: enterprise-docker.tar | |
COMMUNITY_TAR: community-docker.tar | |
runs-on: ubuntu-latest | |
needs: compile | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download neo4j dev docker container | |
if: matrix.project == 'it' | |
run: | | |
curl -s -L0 -u "${TEAMCITY_USER}:${TEAMCITY_PASSWORD}" -X GET ${DOCKER_ENTERPRISE_DEV_URL} -o ${ENTERPRISE_TAR} & | |
curl -s -L0 -u "${TEAMCITY_USER}:${TEAMCITY_PASSWORD}" -X GET ${DOCKER_COMMUNITY_DEV_URL} -o ${COMMUNITY_TAR} & | |
wait | |
docker load --input ${ENTERPRISE_TAR} | |
docker load --input ${COMMUNITY_TAR} | |
- name: Run ${{ matrix.project }} tests with JDK ${{ matrix.java-version }} | |
uses: ./.github/actions/test-gradle-project | |
with: | |
project-name: ${{ matrix.project }} | |
java-version: ${{ matrix.java-version }} |