Skip to content

Commit

Permalink
organize allowed endpoints for github actions
Browse files Browse the repository at this point in the history
  • Loading branch information
ben-manes committed May 26, 2022
1 parent 2b31168 commit 2128448
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 23 deletions.
40 changes: 21 additions & 19 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,39 +7,24 @@ env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
ALLOWED_ENDPOINTS: >
1k4dacprodeus2file4.blob.core.windows.net:443
artifactcache.actions.githubusercontent.com:443
artifacts.codacy.com:443
api.azul.com:443
api.codacy.com:443
api.github.com:443
api.azul.com:443
artifactcache.actions.githubusercontent.com:443
caffeine.gradle-enterprise.cloud:443
cdn.azul.com:443
checkerframework.org:443
cloudflare.com:443
codecov.io:443
coveralls.io:443
fastly.com:443
docs.oracle.com:443
downloads.gradle-dn.com:443
ghcr.io:443
github.com:443
guava.dev:443
lightbend.github.io:443
nodejs.org:443
objects.githubusercontent.com:443
oss.sonatype.org:443
pipelines.actions.githubusercontent.com:443
plugins.gradle.org:443
plugins-artifacts.gradle.org:443
raw.githubusercontent.com
repo.gradle.org:443
repo.maven.apache.org:443
repo1.maven.org:443
scans-in.gradle.com:443
services.gradle.org:443
sonarcloud.io:443
storage.googleapis.com:443
uploader.codecov.io:443
LANG: en_US.utf8
MIN_JVM: 11
MAX_JVM: 18
Expand Down Expand Up @@ -221,7 +206,12 @@ jobs:
uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813
with:
egress-policy: block
allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
allowed-endpoints: >
${{ env.ALLOWED_ENDPOINTS }}
checkerframework.org:443
docs.oracle.com:443
lightbend.github.io:443
guava.dev:443
- uses: actions/checkout@v3
- name: Set up JDK ${{ env.MIN_JVM }}
uses: actions/setup-java@v3
Expand Down Expand Up @@ -255,7 +245,19 @@ jobs:
uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813
with:
egress-policy: block
allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}
allowed-endpoints: >
${{ env.ALLOWED_ENDPOINTS }}
artifacts.codacy.com:443
api.codacy.com:443
codecov.io:443
coveralls.io:443
fastly.com:443
nodejs.org:443
objects.githubusercontent.com:443
raw.githubusercontent.com
sonarcloud.io:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK ${{ env.MAX_JVM }}
Expand Down
8 changes: 4 additions & 4 deletions gradle/coverage.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
*/
apply plugin: 'com.github.kt3k.coveralls'
apply plugin: 'jacoco'
apply plugin: 'java'

def testReport = tasks.register('testReport', TestReport) {
group = 'Build'
Expand Down Expand Up @@ -39,6 +38,9 @@ def jacocoFullReport = tasks.register('jacocoFullReport', JacocoReport) {
mustRunAfter proj.tasks.withType(Test)
executionData fileTree(rootDir.absolutePath).include("**/*${proj.name}*/**/jacoco/*.exec")
}
subprojects.each { proj ->
dependsOn proj.tasks.processResources
}

reports {
html.required = true // human readable
Expand All @@ -61,10 +63,8 @@ tasks.named('coveralls').configure {

allprojects {
apply plugin: 'org.sonarqube'

rootProject.tasks.sonarqube.dependsOn(jacocoFullReport)
rootProject.tasks.sonarqube.dependsOn(tasks.processResources)
}
tasks.sonarqube.dependsOn(jacocoFullReport)

sonarqube {
properties {
Expand Down

0 comments on commit 2128448

Please sign in to comment.