Bump org.owasp:dependency-check-gradle from 8.4.0 to 8.4.2 (#1279) #3401
# CI workflow "build": runs on every push and pull request.
name: build
# Every GITHUB_TOKEN scope defaults to read-only for the whole workflow;
# a job that needs more (test-results: checks: write) declares it itself.
permissions: read-all
on:
  - push
  - pull_request
# Workflow-level environment: every entry is visible to every step of every job.
# NOTE(review): that includes the two Gradle Enterprise secrets, which are
# therefore also present in the environment of the third-party actions used
# below; consider scoping them to the Gradle steps - confirm which need them.
env:
  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
  GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
  # Shared egress allow-list passed to harden-runner (egress-policy: block) in
  # each job. The folded scalar joins the entries into one space-separated
  # string; jobs that need extra hosts append them to this value.
  # NOTE(review): every entry widens what a compromised build step can reach;
  # prune hosts that are no longer required (e.g. confirm jcenter.bintray.com
  # is still needed).
  ALLOWED_ENDPOINTS: >
    api.adoptium.net:443
    api.github.com:443
    api.snapcraft.io:443
    artifactcache.actions.githubusercontent.com:443
    caffeine.gradle-enterprise.cloud:443
    cdn.azul.com:443
    cloudflare.com:443
    docker.io:443
    download.java.net:443
    download.oracle.com:443
    downloads.gradle.org:443
    downloads.gradle-dn.com:443
    gds.oracle.com:443
    ghcr.io:443
    github.com:443
    jdk.java.net:443
    jcenter.bintray.com:443
    objects.githubusercontent.com:443
    oss.sonatype.org:443
    pipelines.actions.githubusercontent.com:443
    plugins.gradle.org:443
    plugins-artifacts.gradle.org:443
    raw.githubusercontent.com:443
    registry.npmjs.org:443
    repo.gradle.org:443
    repo.maven.apache.org:443
    repo1.maven.org:443
    scans-in.gradle.com:443
    services.gradle.org:443
    schemastore.org:443
    www.graalvm.org:443
  # JDK versions are quoted so they stay strings whatever the YAML loader.
  # PUBLISH_JDK: the JDK whose test results are archived and published.
  PUBLISH_JDK: '11'
  # EA_JDK: passed to run-gradle as the early-access JDK version.
  EA_JDK: '22'
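# Job graph: compile -> tests -> (coverage, test-results, publish-snapshot).
# Every job starts with harden-runner in egress-block mode and sudo disabled,
# and every third-party action is pinned to a full commit SHA (version in the
# trailing comment).
jobs:
  compile:
    name: Compile
    timeout-minutes: 15
    runs-on: ubuntu-latest
    strategy:
      matrix:
        java: [11, 21, 22, GraalVM]
    env:
      JAVA_VERSION: ${{ matrix.java }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # v2.6.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
      # GraalVM builds run without the Gradle build cache.
      - name: Prepare GraalVM
        if: matrix.java == 'GraalVM'
        shell: bash
        run: echo "GRADLE_ARGS=--no-build-cache" >> "$GITHUB_ENV"
      - name: Compile
        uses: ./.github/actions/run-gradle
        with:
          java: ${{ matrix.java }}
          early-access: ${{ env.EA_JDK }}
          token: ${{ secrets.GITHUB_TOKEN }}
          arguments: check -x test ${{ env.GRADLE_ARGS }}
      # NOTE(review): cancelling a run normally needs `actions: write`; under
      # the workflow's read-all permissions this step presumably fails and is
      # masked by continue-on-error - confirm it still does anything.
      - name: Cancel if failed
        uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1  # 0.3
        continue-on-error: true
        if: failure()

  tests:
    name: Tests
    timeout-minutes: 60
    runs-on: ubuntu-latest
    needs: compile
    strategy:
      matrix:
        # One runner per Gradle test task.
        suite:
          - caffeine:weakKeysAndStrongValuesStatsAsyncCaffeineSlowTest
          - caffeine:weakKeysAndStrongValuesStatsSyncCaffeineSlowTest
          - caffeine:strongKeysAndWeakValuesStatsSyncCaffeineSlowTest
          - caffeine:strongKeysAndSoftValuesStatsSyncCaffeineSlowTest
          - caffeine:strongKeysAndStrongValuesStatsAsyncCaffeineTest
          - caffeine:weakKeysAndWeakValuesStatsSyncCaffeineSlowTest
          - caffeine:weakKeysAndSoftValuesStatsSyncCaffeineSlowTest
          - caffeine:strongKeysAndStrongValuesStatsSyncCaffeineTest
          - caffeine:weakKeysAndStrongValuesStatsSyncGuavaSlowTest
          - caffeine:weakKeysAndStrongValuesStatsAsyncCaffeineTest
          - caffeine:strongKeysAndWeakValuesStatsSyncGuavaSlowTest
          - caffeine:strongKeysAndSoftValuesStatsSyncGuavaSlowTest
          - caffeine:weakKeysAndStrongValuesStatsSyncCaffeineTest
          - caffeine:weakKeysAndStrongValuesAsyncCaffeineSlowTest
          - caffeine:strongKeysAndWeakValuesStatsSyncCaffeineTest
          - caffeine:strongKeysAndSoftValuesStatsSyncCaffeineTest
          - caffeine:weakKeysAndWeakValuesStatsSyncGuavaSlowTest
          - caffeine:weakKeysAndStrongValuesSyncCaffeineSlowTest
          - caffeine:weakKeysAndSoftValuesStatsSyncGuavaSlowTest
          - caffeine:strongKeysAndWeakValuesSyncCaffeineSlowTest
          - caffeine:strongKeysAndStrongValuesStatsSyncGuavaTest
          - caffeine:strongKeysAndSoftValuesSyncCaffeineSlowTest
          - caffeine:weakKeysAndWeakValuesStatsSyncCaffeineTest
          - caffeine:weakKeysAndSoftValuesStatsSyncCaffeineTest
          - caffeine:strongKeysAndStrongValuesAsyncCaffeineTest
          - caffeine:weakKeysAndWeakValuesSyncCaffeineSlowTest
          - caffeine:weakKeysAndStrongValuesStatsSyncGuavaTest
          - caffeine:weakKeysAndSoftValuesSyncCaffeineSlowTest
          - caffeine:strongKeysAndWeakValuesStatsSyncGuavaTest
          - caffeine:strongKeysAndStrongValuesSyncCaffeineTest
          - caffeine:strongKeysAndSoftValuesStatsSyncGuavaTest
          - caffeine:weakKeysAndStrongValuesSyncGuavaSlowTest
          - caffeine:weakKeysAndStrongValuesAsyncCaffeineTest
          - caffeine:strongKeysAndWeakValuesSyncGuavaSlowTest
          - caffeine:strongKeysAndSoftValuesSyncGuavaSlowTest
          - caffeine:weakKeysAndWeakValuesStatsSyncGuavaTest
          - caffeine:weakKeysAndStrongValuesSyncCaffeineTest
          - caffeine:weakKeysAndSoftValuesStatsSyncGuavaTest
          - caffeine:strongKeysAndWeakValuesSyncCaffeineTest
          - caffeine:strongKeysAndSoftValuesSyncCaffeineTest
          - caffeine:weakKeysAndWeakValuesSyncGuavaSlowTest
          - caffeine:weakKeysAndSoftValuesSyncGuavaSlowTest
          - caffeine:strongKeysAndStrongValuesSyncGuavaTest
          - caffeine:weakKeysAndWeakValuesSyncCaffeineTest
          - caffeine:weakKeysAndSoftValuesSyncCaffeineTest
          - caffeine:weakKeysAndStrongValuesSyncGuavaTest
          - caffeine:strongKeysAndWeakValuesSyncGuavaTest
          - caffeine:strongKeysAndSoftValuesSyncGuavaTest
          - caffeine:weakKeysAndWeakValuesSyncGuavaTest
          - caffeine:weakKeysAndSoftValuesSyncGuavaTest
          - caffeine:lincheckTest
          - caffeine:isolatedTest
          - caffeine:junitTest
          - simulator:check
          - jcache:check
          - guava:check
        java: [11]
    env:
      JAVA_VERSION: ${{ matrix.java }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # v2.6.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
      - name: Run tests (${{ matrix.suite }})
        uses: ./.github/actions/run-gradle
        with:
          java: ${{ matrix.java }}
          arguments: ${{ matrix.suite }}
          token: ${{ secrets.GITHUB_TOKEN }}
      # Builds "<suite>-<jdk>" with ':' replaced by '-' and exports it for the
      # following steps. The suite name reaches the script through an
      # environment variable rather than ${{ }} text substitution, so the value
      # is never parsed as shell code.
      - name: Format Test Artifact Name
        if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
        env:
          SUITE: ${{ matrix.suite }}
        run: |
          RAW_NAME="${SUITE}-${JAVA_VERSION}"
          ARTIFACT_NAME="$(echo "$RAW_NAME" | sed 's/:/-/g')"
          echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> "$GITHUB_ENV"
      # The -path patterns are quoted so that find, not the shell, expands
      # them; the folded scalar turns the two lines into a single pipeline.
      - name: Compress test results
        if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
        run: >
          find . -path '*/jacoco/*.exec' -o -path '*/results/*.xml'
          | tar czf "${ARTIFACT_NAME}.tar.gz" --files-from -
      - name: Upload test results
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32  # v3.1.3
        if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
        with:
          retention-days: 1
          name: ${{ env.ARTIFACT_NAME }}-results
          path: ${{ env.ARTIFACT_NAME }}.tar.gz
      # See the review note on the same step in the compile job.
      - name: Cancel if failed
        uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1  # 0.3
        continue-on-error: true
        if: failure()

  coverage:
    name: Coverage
    runs-on: ubuntu-latest
    needs: tests
    # Push events only: the publishing steps below depend on repository secrets.
    if: github.event_name == 'push'
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # v2.6.0
        with:
          disable-sudo: true
          egress-policy: block
          # Shared allow-list plus the coverage services. The
          # raw.githubusercontent.com entry was missing its port; it now
          # matches the host:port form of every other entry.
          allowed-endpoints: >
            ${{ env.ALLOWED_ENDPOINTS }}
            artifacts.codacy.com:443
            api.codacy.com:443
            codecov.io:443
            coveralls.io:443
            fastly.com:443
            nodejs.org:443
            raw.githubusercontent.com:443
            sonarcloud.io:443
            scanner.sonarcloud.io:443
            storage.googleapis.com:443
            uploader.codecov.io:443
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          fetch-depth: 0
      - name: Download Tests Results
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # v3.0.2
      # tar is invoked directly by find: substituting {} into an `sh -c`
      # string would let the archive path be parsed as shell code.
      - name: Decompress
        run: find . -type f -name '*.tar.gz' -exec tar -zxf {} --one-top-level \;
      - name: Combine Jacoco Reports
        uses: ./.github/actions/run-gradle
        with:
          arguments: check -x test
          java: ${{ env.PUBLISH_JDK }}
      - name: Publish to Coveralls
        uses: ./.github/actions/run-gradle
        env:
          COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
        with:
          arguments: coveralls
          java: ${{ env.PUBLISH_JDK }}
        continue-on-error: true
      - name: Publish to Codecov
        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d  # v3.1.4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
      - name: Publish to Codacy
        uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699  # v1.3.0
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
        continue-on-error: true
      - name: Publish to SonarQube
        uses: ./.github/actions/run-gradle
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          java: ${{ env.PUBLISH_JDK }}
          arguments: sonar -Dsonar.branch.name=${GITHUB_REF##*/}
        continue-on-error: true

  test-results:
    name: Test Results
    runs-on: ubuntu-latest
    needs: tests
    if: github.event_name == 'push'
    # The only job that raises a token scope above the workflow's read-all.
    permissions:
      checks: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # v2.6.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            ${{ env.ALLOWED_ENDPOINTS }}
            badgen.net:443
      - name: Download Tests
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a  # v3.0.2
      # tar is invoked directly by find: substituting {} into an `sh -c`
      # string would let the archive path be parsed as shell code.
      - name: Decompress
        run: find . -type f -name '*.tar.gz' -exec tar -zxf {} --one-top-level \;
      - name: Publish Test Results
        uses: EnricoMi/publish-unit-test-result-action@ca89ad036b5fcd524c1017287fb01b5139908408  # v2.11.0
        continue-on-error: true
        id: test-results
        with:
          json_thousands_separator: ','
          junit_files: '**/TEST-*.xml'
          # Quoted: a bare off is a boolean to YAML 1.1 loaders.
          comment_mode: 'off'
          ignore_runs: true
          job_summary: true
      # The badge fields are read from the step environment and the URL is
      # quoted, so the run count taken from the previous step's JSON output is
      # never substituted into the script text.
      - name: Create badge
        id: test-badge
        env:
          LABEL: tests
          COLOR: '31c653'
          STATUS: ${{ fromJSON(steps.test-results.outputs.json).formatted.stats.runs }}
        continue-on-error: true
        run: curl -s -f "https://badgen.net/badge/${LABEL}/${STATUS}/${COLOR}" > badge.svg
      # Exact ref comparison: endsWith() also matched any other branch or tag
      # whose name merely ends with the default branch name.
      - name: Upload badge to Gist
        uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa  # v1.2.0
        if: >
          steps.test-badge.outcome == 'success'
          && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
        with:
          gist_url: https://gist.githubusercontent.com/ben-manes/c20eb418f0e0bd6dfe1c25beb35faae4
          auth: ${{ secrets.GIST_TOKEN }}
          gist_description: Test Results
          github_file: badge.svg
          gist_title: badge.svg

  publish-snapshot:
    name: Publish Snapshot
    runs-on: ubuntu-latest
    needs: tests
    # Runs only for pushes to the default branch itself. The ref is compared
    # exactly because this job handles the Sonatype and signing secrets;
    # endsWith() also matched refs that merely end with the default branch name.
    if: >
      github.event_name == 'push'
      && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423  # v2.6.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            ${{ env.ALLOWED_ENDPOINTS }}
            checkerframework.org:443
            docs.oracle.com:443
            errorprone.info:443
            lightbend.github.io:443
            guava.dev:443
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
      # wretry.action runs the wrapped action up to attempt_limit times; the
      # wrapped action's inputs are passed as a literal block string.
      - name: Set up JDK ${{ env.PUBLISH_JDK }}
        uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c  # v1.3.0
        with:
          action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2  # v3.11.0
          with: |
            distribution: temurin
            java-version: ${{ env.PUBLISH_JDK }}
          attempt_limit: 3
          attempt_delay: 2000
      - name: Setup Gradle
        uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c  # v1.3.0
        timeout-minutes: 5
        with:
          action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629  # v2.4.2
          with: |
            cache-read-only: false
            arguments: help --no-scan
            generate-job-summary: false
            gradle-home-cache-cleanup: true
          attempt_limit: 3
          attempt_delay: 2000
      # Publishing and signing credentials are set on this step only.
      - name: Publish Snapshot
        env:
          JAVA_VERSION: ${{ env.PUBLISH_JDK }}
          ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.NEXUS_USERNAME }}
          ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.NEXUS_PASSWORD }}
          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
          ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }}
          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
        run: ./gradlew --no-configuration-cache publishToSonatype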