Skip to content

Bump org.owasp:dependency-check-gradle from 8.4.3 to 9.0.0 #3532

Bump org.owasp:dependency-check-gradle from 8.4.3 to 9.0.0

Bump org.owasp:dependency-check-gradle from 8.4.3 to 9.0.0 #3532

Workflow file for this run

name: build
on:
pull_request: {}
push:
branches: [master, v2.dev, v3.dev]
permissions: read-all
env:
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
ALLOWED_ENDPOINTS: >
api.adoptium.net:443
api.github.com:443
api.snapcraft.io:443
artifactcache.actions.githubusercontent.com:443
caffeine.gradle-enterprise.cloud:443
cdn.azul.com:443
cloudflare.com:443
docker.io:443
download.java.net:443
download.oracle.com:443
downloads.gradle.org:443
downloads.gradle-dn.com:443
gds.oracle.com:443
ghcr.io:443
github.com:443
jdk.java.net:443
jcenter.bintray.com:443
objects.githubusercontent.com:443
oss.sonatype.org:443
pipelines.actions.githubusercontent.com:443
plugins.gradle.org:443
plugins-artifacts.gradle.org:443
raw.githubusercontent.com:443
registry.npmjs.org:443
repo.gradle.org:443
repo.maven.apache.org:443
repo1.maven.org:443
scans-in.gradle.com:443
services.gradle.org:443
schemastore.org:443
www.graalvm.org:443
PUBLISH_JDK: 11
EA_JDK: 22
jobs:
compile:
name: Compile
timeout-minutes: 15
runs-on: ubuntu-latest
strategy:
matrix:
java: [ 11, 21, 22, GraalVM ]
env:
JAVA_VERSION: ${{ matrix.java }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Prepare GraalVM
if: env.JAVA_VERSION == 'GraalVM'
shell: bash
run: echo "GRADLE_ARGS=--no-build-cache" >> $GITHUB_ENV
- name: Compile
uses: ./.github/actions/run-gradle
with:
java: ${{ env.JAVA_VERSION }}
early-access: ${{ env.EA_JDK }}
token: ${{ secrets.GITHUB_TOKEN }}
arguments: check -x test ${{ env.GRADLE_ARGS }}
- name: Cancel if failed
uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # 0.3
continue-on-error: true
if: failure()
tests:
name: Tests
timeout-minutes: 60
runs-on: ubuntu-latest
needs: compile
strategy:
matrix:
suite:
- caffeine:weakKeysAndStrongValuesStatsAsyncCaffeineSlowTest
- caffeine:weakKeysAndStrongValuesStatsSyncCaffeineSlowTest
- caffeine:strongKeysAndWeakValuesStatsSyncCaffeineSlowTest
- caffeine:strongKeysAndSoftValuesStatsSyncCaffeineSlowTest
- caffeine:strongKeysAndStrongValuesStatsAsyncCaffeineTest
- caffeine:weakKeysAndWeakValuesStatsSyncCaffeineSlowTest
- caffeine:weakKeysAndSoftValuesStatsSyncCaffeineSlowTest
- caffeine:strongKeysAndStrongValuesStatsSyncCaffeineTest
- caffeine:weakKeysAndStrongValuesStatsAsyncCaffeineTest
- caffeine:weakKeysAndStrongValuesStatsSyncCaffeineTest
- caffeine:weakKeysAndStrongValuesAsyncCaffeineSlowTest
- caffeine:strongKeysAndWeakValuesStatsSyncCaffeineTest
- caffeine:strongKeysAndSoftValuesStatsSyncCaffeineTest
- caffeine:weakKeysAndStrongValuesSyncCaffeineSlowTest
- caffeine:strongKeysAndWeakValuesSyncCaffeineSlowTest
- caffeine:strongKeysAndSoftValuesSyncCaffeineSlowTest
- caffeine:weakKeysAndWeakValuesStatsSyncCaffeineTest
- caffeine:weakKeysAndSoftValuesStatsSyncCaffeineTest
- caffeine:strongKeysAndStrongValuesAsyncCaffeineTest
- caffeine:weakKeysAndWeakValuesSyncCaffeineSlowTest
- caffeine:weakKeysAndSoftValuesSyncCaffeineSlowTest
- caffeine:strongKeysAndStrongValuesSyncCaffeineTest
- caffeine:weakKeysAndStrongValuesAsyncCaffeineTest
- caffeine:weakKeysAndStrongValuesSyncCaffeineTest
- caffeine:strongKeysAndWeakValuesSyncCaffeineTest
- caffeine:strongKeysAndSoftValuesSyncCaffeineTest
- caffeine:weakKeysAndWeakValuesSyncCaffeineTest
- caffeine:weakKeysAndSoftValuesSyncCaffeineTest
- caffeine:lincheckTest
- caffeine:isolatedTest
- caffeine:junitTest
- simulator:check
- jcache:check
- guava:check
java: [ 11, 21 ]
include:
- suite: caffeine:weakKeysAndStrongValuesStatsSyncGuavaSlowTest
java: 11
- suite: caffeine:strongKeysAndWeakValuesStatsSyncGuavaSlowTest
java: 11
- suite: caffeine:strongKeysAndSoftValuesStatsSyncGuavaSlowTest
java: 11
- suite: caffeine:weakKeysAndWeakValuesStatsSyncGuavaSlowTest
java: 11
- suite: caffeine:weakKeysAndSoftValuesStatsSyncGuavaSlowTest
java: 11
- suite: caffeine:strongKeysAndStrongValuesStatsSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndStrongValuesStatsSyncGuavaTest
java: 11
- suite: caffeine:strongKeysAndWeakValuesStatsSyncGuavaTest
java: 11
- suite: caffeine:strongKeysAndSoftValuesStatsSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndStrongValuesSyncGuavaSlowTest
java: 11
- suite: caffeine:strongKeysAndWeakValuesSyncGuavaSlowTest
java: 11
- suite: caffeine:strongKeysAndSoftValuesSyncGuavaSlowTest
java: 11
- suite: caffeine:weakKeysAndWeakValuesStatsSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndSoftValuesStatsSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndWeakValuesSyncGuavaSlowTest
java: 11
- suite: caffeine:weakKeysAndSoftValuesSyncGuavaSlowTest
java: 11
- suite: caffeine:strongKeysAndStrongValuesSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndStrongValuesSyncGuavaTest
java: 11
- suite: caffeine:strongKeysAndWeakValuesSyncGuavaTest
java: 11
- suite: caffeine:strongKeysAndSoftValuesSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndWeakValuesSyncGuavaTest
java: 11
- suite: caffeine:weakKeysAndSoftValuesSyncGuavaTest
java: 11
env:
JAVA_VERSION: ${{ matrix.java }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run tests (${{ env.JAVA_VERSION }})
uses: ./.github/actions/run-gradle
with:
java: ${{ env.JAVA_VERSION }}
arguments: ${{ matrix.suite }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Format Test Artifact Name
if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
run: |
RAW_NAME=${{ matrix.suite }}-${{ env.JAVA_VERSION }}
ARTIFACT_NAME=$(echo $RAW_NAME | sed 's/:/-/g')
echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> $GITHUB_ENV
- name: Compress test results
if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
run: >
find . -path */jacoco/*.exec -o -path */results/*.xml
| tar czf ${{ env.ARTIFACT_NAME }}.tar.gz --files-from -
- name: Upload test results
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
if: always() && (env.JAVA_VERSION == env.PUBLISH_JDK)
with:
retention-days: 1
name: ${{ env.ARTIFACT_NAME }}-results
path: ${{ env.ARTIFACT_NAME }}.tar.gz
- name: Cancel if failed
uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # 0.3
continue-on-error: true
if: failure()
coverage:
name: Coverage
runs-on: ubuntu-latest
needs: tests
if: github.event_name == 'push'
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
${{ env.ALLOWED_ENDPOINTS }}
artifacts.codacy.com:443
api.codacy.com:443
codecov.io:443
coveralls.io:443
fastly.com:443
nodejs.org:443
raw.githubusercontent.com
sonarcloud.io:443
scanner.sonarcloud.io:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Download Tests Results
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
- name: Decompress
run: find . -type f -name '*.tar.gz' -exec sh -c 'tar -zxf {} --one-top-level' \;
- name: Combine Jacoco Reports
uses: ./.github/actions/run-gradle
with:
arguments: check -x test
java: ${{ env.PUBLISH_JDK }}
- name: Publish to Coveralls
uses: ./.github/actions/run-gradle
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
with:
arguments: coveralls
java: ${{ env.PUBLISH_JDK }}
continue-on-error: true
- name: Publish to Codecov
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Publish to Codacy
uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1.3.0
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
continue-on-error: true
- name: Publish to SonarQube
uses: ./.github/actions/run-gradle
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
java: ${{ env.PUBLISH_JDK }}
arguments: sonar -Dsonar.branch.name=${GITHUB_REF##*/}
continue-on-error: true
test-results:
name: Test Results
runs-on: ubuntu-latest
needs: tests
if: github.event_name == 'push'
permissions:
checks: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
${{ env.ALLOWED_ENDPOINTS }}
badgen.net:443
- name: Download Tests
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
- name: Decompress
run: find . -type f -name '*.tar.gz' -exec sh -c 'tar -zxf {} --one-top-level' \;
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@ca89ad036b5fcd524c1017287fb01b5139908408 # v2.11.0
continue-on-error: true
id: test-results
with:
json_thousands_separator: ','
junit_files: '**/TEST-*.xml'
comment_mode: off
ignore_runs: true
job_summary: true
- name: Create badge
id: test-badge
env:
LABEL: tests
COLOR: 31c653
STATUS: ${{ fromJSON(steps.test-results.outputs.json).formatted.stats.runs }}
continue-on-error: true
run: curl -s -f https://badgen.net/badge/${{env.LABEL}}/${{env.STATUS}}/${{env.COLOR}} > badge.svg
- name: Upload badge to Gist
uses: popsiclestick/gist-sync-action@88f8633178625914f2a01abf1a765f7272a580fa # v1.2.0
if: >
steps.test-badge.outcome == 'success'
&& endsWith(github.ref, github.event.repository.default_branch)
with:
gist_url: https://gist.githubusercontent.com/ben-manes/c20eb418f0e0bd6dfe1c25beb35faae4
auth: ${{ secrets.GIST_TOKEN }}
gist_description: Test Results
github_file: badge.svg
gist_title: badge.svg
publish-snapshot:
name: Publish Snapshot
runs-on: ubuntu-latest
needs: tests
if: >
github.event_name == 'push'
&& endsWith(github.ref, github.event.repository.default_branch)
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
${{ env.ALLOWED_ENDPOINTS }}
checkerframework.org:443
docs.oracle.com:443
errorprone.info:443
lightbend.github.io:443
guava.dev:443
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK ${{ env.PUBLISH_JDK }}
uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
with:
action: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
with: |
distribution: temurin
java-version: ${{ env.PUBLISH_JDK }}
attempt_limit: 3
attempt_delay: 2000
- name: Setup Gradle
uses: Wandalen/wretry.action@a163f62ae554a8f3cbe27b23db15b60c0ae2e93c # v1.3.0
timeout-minutes: 5
with:
action: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2
with: |
cache-read-only: false
arguments: help --no-scan
generate-job-summary: false
gradle-home-cache-cleanup: true
attempt_limit: 3
attempt_delay: 2000
- name: Publish Snapshot
env:
JAVA_VERSION: ${{ env.PUBLISH_JDK }}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.NEXUS_USERNAME }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.NEXUS_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.OSSRH_GPG_SECRET_KEY_ID }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
run: ./gradlew --no-configuration-cache publishToSonatype