Skip to content

Bump github/codeql-action from 2.21.9 to 2.22.5 #202

Bump github/codeql-action from 2.21.9 to 2.22.5

Bump github/codeql-action from 2.21.9 to 2.22.5 #202

Workflow file for this run

#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: build
on:
push:
branches:
- 2.x
pull_request:
env:
# Maven JVM arguments
MAVEN_OPTS: -XX:InitialRAMPercentage=50.0
# Common Maven arguments since Maven 3.9.0
MAVEN_ARGS: --show-version --batch-mode --errors --no-transfer-progress
permissions: read-all
jobs:
build:
runs-on: ${{ matrix.os }}
# Based on: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
steps:
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # 4.1.0
with:
fetch-depth: 32
# JDK 8 and 11 is needed for the build.
# Search `maven-toolchains-plugin` usages for details.
- name: Setup JDK
uses: actions/setup-java@3f07048e3d294f56e9b90ac5ea2c6f74e9ad0f98 # 3.10.0
with:
distribution: temurin
java-version: |
8
11
architecture: x64
cache: maven
# We could have used `verify`, but `clean install` is required for the following:
# 1. The build reproducibility report
# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
# 2. `javadoc:javadoc-no-fork`, which is attached to the `site` goal
- name: Build
timeout-minutes: 60
shell: bash
env:
JAVA_HOME: ${{ env.JAVA_HOME_8_X64 }}
run: ./mvnw clean install
- name: Upload Surefire Reports
if: failure()
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # 3.1.2
with:
name: surefire-reports-${{matrix.os}}
path: "**/target/surefire-reports/*"
# `clean verify artifact:compare` is required to generate the build reproducibility report.
# For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
- name: Report build reproducibility
id: report-reproducible
timeout-minutes: 10
shell: bash
env:
JAVA_HOME: ${{ env.JAVA_HOME_8_X64 }}
run: |
./mvnw \
-DskipTests=true \
clean package artifact:compare
- name: Upload reproducibility failure context artifacts
if: failure()
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # 3.1.2
with:
name: reproducibility-failure-context-${{matrix.os}}
path: |
**/target/*.buildcompare
**/target/*.jar
**/target/reference/*.jar
- name: Build site
timeout-minutes: 10
shell: bash
env:
JAVA_HOME: ${{ env.JAVA_HOME_8_X64 }}
run: ./mvnw site
merge:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
needs: build
permissions:
contents: write
pull-requests: write
steps:
- name: "[dependabot] Auto-merge the PR"
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy:
runs-on: ubuntu-latest
needs: build
if: github.repository == 'apache/logging-log4j2' && github.ref == 'refs/heads/2.x'
steps:
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # 4.1.0
with:
fetch-depth: 32
# JDK 8 and 11 are needed for the build.
# Search `maven-toolchains-plugin` usages for details.
- name: Setup JDK
uses: actions/setup-java@3f07048e3d294f56e9b90ac5ea2c6f74e9ad0f98 # 3.10.0
with:
distribution: temurin
java-version: |
8
11
architecture: x64
cache: maven
- name: Inspect project version
env:
# Overrides defaults
MAVEN_ARGS: -q -N
run: |
VERSION=$(./mvnw help:evaluate -DforceStdout=true -Dexpression=project.version)
echo $VERSION
echo "project_version=$VERSION" >> $GITHUB_ENV
- name: Deploy artifacts
# Do not deploy release versions
if: ${{ endsWith(env.project_version, '-SNAPSHOT') }}
timeout-minutes: 15
shell: bash
# `package install:install deploy:deploy` goal is needed to deploy without configuring the plugin in the POM.
# For details, see: https://maven.apache.org/plugins/maven-gpg-plugin/examples/deploy-signed-artifacts.html
run: |
./mvnw \
--settings .github/workflows/maven-settings.xml \
-Dgpg.skip=true \
-DskipTests=true \
package install:install deploy:deploy
env:
JAVA_HOME: ${{ env.JAVA_HOME_8_X64 }}
NEXUS_USER: ${{ secrets.NEXUS_USER }}
NEXUS_PW: ${{ secrets.NEXUS_PW }}