Skip to content

build(deps): bump github/codeql-action from 2.21.4 to 2.22.1 #200

build(deps): bump github/codeql-action from 2.21.4 to 2.22.1

build(deps): bump github/codeql-action from 2.21.4 to 2.22.1 #200

Workflow file for this run

name: PR
on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review]
branches: [master, main, beta]
env:
CI: "true"
GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+UseParallelGC -Xmx3g -XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=512M"
GRADLE_CACHE_LOCAL: true
GRADLE_CACHE_REMOTE: true
GRADLE_CACHE_PUSH: true
GRADLE_CACHE_USERNAME: apikey
GRADLE_CACHE_PASSWORD: ${{ secrets.BUILDLESS_APIKEY }}
CACHE_ENDPOINT: ${{ vars.CACHE_ENDPOINT_GRADLE }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
TEST_EXCEPTIONS: true
permissions:
contents: read
jobs:
build:
name: "Build (${{ matrix.label }})"
permissions:
actions: "read"
contents: "write"
id-token: "write"
checks: "write"
pull-requests: "write"
strategy:
fail-fast: false
matrix:
runner: [macOS-latest, windows-latest, ubuntu-latest]
include:
- runner: macOS-latest
flags: "--no-configuration-cache"
os: "macos"
label: "Darwin"
experimental: false
coverage: true
gvm: ${{ vars.GVM_VERSION }}
java: ${{ vars.JVM_VERSION }}
provenance: false
- runner: windows-latest
flags: "--no-configuration-cache"
os: "windows"
label: "Windows"
experimental: false
coverage: true
gvm: ${{ vars.GVM_VERSION }}
java: ${{ vars.JVM_VERSION }}
provenance: false
- runner: ubuntu-latest
flags: "--no-configuration-cache -PsonarScan=true"
os: "linux"
label: "Linux"
experimental: false
coverage: true
gvm: ${{ vars.GVM_VERSION }}
java: ${{ vars.JVM_VERSION }}
provenance: true
uses: ./.github/workflows/step.build.yml
secrets: inherit
with:
runner: ${{ matrix.runner }}
os: ${{ matrix.os }}
label: ${{ matrix.label }}
flags: ${{ matrix.flags }}
experimental: ${{ matrix.experimental }}
java: ${{ matrix.java }}
coverage: ${{ matrix.coverage }}
provenance: ${{ matrix.provenance }}
codeql:
name: "Analysis: CodeQL"
needs: ["build"]
uses: ./.github/workflows/codeql.ci.yml
secrets: inherit
with: {}
permissions:
actions: read
contents: read
security-events: write
qodana:
name: "Analysis: Qodana"
needs: ["build"]
uses: ./.github/workflows/qodana.ci.yml
with: {}
secrets: inherit
permissions:
actions: read
contents: read
security-events: write
publish-sandbox:
permissions: write-all
name: "Publish: Sandbox"
needs: ["build", "codeql", "qodana"]
if: contains(github.event.pull_request.labels.*.name, 'ci:publish-snapshot')
uses: ./.github/workflows/step.publish.yml
secrets:
GOOGLE_CREDENTIALS: ${{ secrets.BUILDBOT_SERVICE_ACCOUNT }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
with:
version: 1.0-SNAPSHOT
repository: gcs://elide-snapshots/repository/v3
logLevel: info
snapshot: true
release: false
signing: true
gcs: true
environment: sandbox
label: Elide Sandbox
publish-live:
permissions: write-all
name: "Publish: Live"
if: contains(github.event.pull_request.labels.*.name, 'ci:publish') && (github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true)
needs: ["build", "codeql", "qodana", "publish-sandbox"]
uses: ./.github/workflows/step.publish.yml
secrets:
PUBLISH_USER: ${{ secrets.PUBLISH_USER_CENTRAL }}
PUBLISH_PASSWORD: ${{ secrets.PUBLISH_TOKEN_CENTRAL }}
with:
repository: "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
logLevel: "info"
snapshot: false
release: true
signing: true
gcs: false
environment: central
label: "Maven Central"