diff --git a/.github/workflows/callable.build.yml b/.github/workflows/callable.build.yml index 3c68110..6229e9b 100644 --- a/.github/workflows/callable.build.yml +++ b/.github/workflows/callable.build.yml @@ -15,10 +15,10 @@ jobs: with: distribution: 'corretto' java-version: '17' - cache: 'gradle' - uses: gradle/wrapper-validation-action@v1 - name: Setup Gradle uses: gradle/gradle-build-action@v2.8.0 - + with: + cache-write-only: true - name: Run build (incl. test) - run: gradle build -x intTest --no-daemon + run: ./gradlew build -x intTest --no-daemon diff --git a/.github/workflows/callable.code-analysis.codeql.yml b/.github/workflows/callable.code-analysis.codeql.yml index e14fd10..70aefe0 100644 --- a/.github/workflows/callable.code-analysis.codeql.yml +++ b/.github/workflows/callable.code-analysis.codeql.yml 
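Review bot: With `cache-write-only: true` on this step and `cache-read-only: true` in the other workflows touched by this commit, the build job becomes the only writer of the Gradle User Home cache that the release and publish jobs later restore, and nothing in the file records that trust assumption. The publish job (callable.publish-sonatype.yml) runs with the GPG signing key and OSSRH credentials in its environment, so it would execute whatever plugin and dependency jars this job saved. I would add a comment above the new `with:` block, `# sole cache writer: call this workflow only for trusted refs; release/publish jobs restore what it saves`, and consider `cache-disabled: true` on the publish job so release artifacts are resolved fresh. Which refs invoke this callable workflow is not visible in the diff.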
@@ -19,37 +19,38 @@ jobs: security-events: write steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: java - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: java + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - queries: security-extended,security-and-quality + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + queries: security-extended,security-and-quality - - uses: actions/setup-java@v3 - with: - distribution: 'corretto' - java-version: '17' - cache: 'gradle' - - uses: gradle/wrapper-validation-action@v1 - - name: Setup Gradle - uses: gradle/gradle-build-action@v2.8.0 - - name: Run build with Gradle Wrapper - run: | - gradle build -x intTest --no-daemon - # ignore ./.gradle folder for analysis - rm -Rf .gradle + - uses: actions/setup-java@v3 
+ with: + distribution: 'corretto' + java-version: '17' + - uses: gradle/wrapper-validation-action@v1 + - name: Setup Gradle + uses: gradle/gradle-build-action@v2.8.0 + with: + cache-read-only: true + - name: Run build with Gradle Wrapper + run: | + ./gradlew build -x intTest --no-daemon + # ignore ./.gradle folder for analysis + rm -Rf .gradle - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/callable.code-analysis.trivy.yml b/.github/workflows/callable.code-analysis.trivy.yml index aa4dcbf..031bdae 100644 --- a/.github/workflows/callable.code-analysis.trivy.yml +++ b/.github/workflows/callable.code-analysis.trivy.yml @@ -21,10 +21,11 @@ jobs: with: distribution: 'corretto' java-version: '17' - cache: 'gradle' - uses: gradle/wrapper-validation-action@v1 - name: Setup Gradle uses: gradle/gradle-build-action@v2.8.0 + with: + cache-read-only: true - name: Generate gradle.lockfile for trivy scan run: gradle dependencies --write-locks diff --git a/.github/workflows/callable.gradle-release.yml b/.github/workflows/callable.gradle-release.yml index 8c43cc5..78d26e1 100644 --- a/.github/workflows/callable.gradle-release.yml +++ b/.github/workflows/callable.gradle-release.yml @@ -14,7 +14,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Validate 'Release Type' param - id: validate_type env: TYPE: ${{ inputs.type }} run: | 
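Review bot: The traced build in 'Run build with Gradle Wrapper' now starts from a restored Gradle User Home (`cache-read-only: true`), and CodeQL only extracts Java sources whose compilation it actually observes between init and analyze. If the project enables the Gradle build cache (not visible here), compile tasks restored from cache would be skipped and their sources would be silently missing from the database. Suggest making the step explicit with `./gradlew build -x intTest --no-daemon --no-build-cache` and a comment such as `# CodeQL must see a real compile; do not reuse cached task outputs`.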
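Review bot: The last line of this hunk still runs `gradle dependencies --write-locks` with whatever Gradle is on the runner's PATH, while every other build step in the commit was moved to `./gradlew`. The lockfile Trivy scans may then be resolved by a different Gradle version than the one that builds and publishes, and the wrapper validated one step earlier is never used in this job. Change the line to `run: ./gradlew dependencies --write-locks`.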
@@ -32,19 +31,18 @@ jobs: with: distribution: 'corretto' java-version: '17' - cache: 'gradle' - uses: gradle/wrapper-validation-action@v1 - name: Setup Gradle uses: gradle/gradle-build-action@v2.8.0 + with: + cache-read-only: true - name: Get current version - id: get_version run: | source gradle.properties echo "current_version=${version}" >> $GITHUB_ENV - name: Determine version type - id: bump_version env: TYPE: ${{ inputs.type }} VERSION: ${{ env.current_version }} @@ -69,7 +67,6 @@ jobs: git config --local user.email "action@github.com" git config --local user.name "GitHub Action" - name: Run 'gradle release' - id: gradle_release run: | echo "Type: ${{ inputs.type }}" echo "Current version: ${{ env.current_version }}" diff --git a/.github/workflows/callable.integration-test.yml b/.github/workflows/callable.integration-test.yml index 595262d..5635554 100644 --- a/.github/workflows/callable.integration-test.yml +++ b/.github/workflows/callable.integration-test.yml @@ -15,13 +15,11 @@ jobs: with: distribution: 'corretto' java-version: '17' - cache: 'gradle' - uses: gradle/wrapper-validation-action@v1 - name: Setup Gradle uses: gradle/gradle-build-action@v2.8.0 - - - name: Run build (incl. test) - run: gradle build -x intTest --no-daemon + with: + cache-read-only: true - name: Run integration tests - run: gradle intTest --no-daemon + run: ./gradlew intTest -x test --no-daemon diff --git a/.github/workflows/callable.publish-javadoc.yml b/.github/workflows/callable.publish-javadoc.yml index 8bb317d..26c4eab 100644 --- a/.github/workflows/callable.publish-javadoc.yml +++ b/.github/workflows/callable.publish-javadoc.yml 
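Review bot: 'Get current version' still runs `source gradle.properties`, which executes the whole properties file as shell inside the release job and appends an unvalidated `${version}` to `$GITHUB_ENV`. That value is later expanded directly into script text as `${{ env.current_version }}` in the 'Run gradle release' step (hunk at -69,7), whereas the neighbouring steps pass values through an `env:` block. Read only the one key and check its shape before exporting it, for example `version=$(sed -n 's/^version=//p' gradle.properties)` followed by a pattern check, and quote the target as `"$GITHUB_ENV"`. The step bodies continue outside the hunk.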
@@ -18,13 +18,14 @@ jobs: with: distribution: 'corretto' java-version: '17' - cache: 'gradle' - uses: gradle/wrapper-validation-action@v1 - name: Setup Gradle uses: gradle/gradle-build-action@v2.8.0 + with: + cache-read-only: true - name: Run build (incl. test) - run: gradle javadoc + run: ./gradlew javadoc - name: Conclude javadoc version and set env run: | diff --git a/.github/workflows/callable.publish-sonatype.yml b/.github/workflows/callable.publish-sonatype.yml index 2427efa..b228b94 100644 --- a/.github/workflows/callable.publish-sonatype.yml +++ b/.github/workflows/callable.publish-sonatype.yml @@ -14,23 +14,24 @@ jobs: with: distribution: 'corretto' java-version: '17' - cache: 'gradle' - uses: gradle/wrapper-validation-action@v1 - name: Setup Gradle uses: gradle/gradle-build-action@v2.8.0 + with: + cache-read-only: true + # note the following two steps are identical but different names for better DX in GitHub Actions UI - name: Publish SNAPSHOT to Sonatype (Maven Central) if: github.ref == 'refs/heads/main' - run: gradle publishToSonatype closeAndReleaseSonatypeStagingRepository + run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository env: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }} OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} - - name: Publish RELEASE to Sonatype (Maven Central) if: github.ref_type == 'tag' - run: gradle publishToSonatype closeAndReleaseSonatypeStagingRepository + run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository env: GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} GPG_SIGNING_PASSPHRASE: ${{ secrets.GPG_SIGNING_PASSPHRASE }} diff --git a/java-library-template/.gitignore b/java-library-template/.gitignore deleted file mode 100644 index 06c581c..0000000 --- a/java-library-template/.gitignore +++ /dev/null 
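Review bot: Switching both publish steps to `./gradlew` means the Gradle distribution that runs with `GPG_SIGNING_KEY` and `OSSRH_PASSWORD` in its environment is whatever `distributionUrl` in the wrapper properties file points to. As far as I know, `gradle/wrapper-validation-action` verifies the wrapper JAR only, not the downloaded distribution. Pin the distribution in the wrapper properties with `distributionSha256Sum=<sha256 of the distribution>` (placeholder; that file is not part of this diff). The second publish step's `env:` block continues past the end of the hunk.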
@@ -1,2 +0,0 @@ -# gradle locking of dependency versions *required+used for trivy scan only, so do not add to source control -gradle.lockfile