Bump CWE dictionary to v4.12 #1719
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| permissions: { } | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 25 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3.13.0 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Test | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: |- | |
| mvn -pl '!e2e' clean verify \ | |
| failsafe:integration-test -DskipITs=false \ | |
| org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
| test-native-image: | |
| name: Test Native Image | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'pull_request' }} | |
| timeout-minutes: 15 | |
| strategy: | |
| matrix: | |
| module: | |
| - mirror-service | |
| - notification-publisher | |
| - repository-meta-analyzer | |
| - vulnerability-analyzer | |
| fail-fast: true | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1 | |
| - name: Set up JDK | |
| uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # tag=v3.13.0 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Set up GraalVM | |
| uses: graalvm/setup-graalvm@6c7d417a1ef253f4d667a69e6a5716927746e251 # tag=v1 | |
| with: | |
| # NOTE: Do NOT use the Oracle GraalVM distribution, as that is causing issues | |
| # with Protobuf serialization. GraalVM Community 17.0.8 and Mandrel 23.0 have | |
| # both been tested to work. | |
| # https://github.com/DependencyTrack/hyades/issues/641 | |
| # https://github.com/quarkusio/quarkus/issues/35125 | |
| distribution: 'mandrel' | |
| version: 'mandrel-23.0.1.2-Final' | |
| java-version: '17' | |
| components: 'native-image' | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Native Image | |
| run: |- | |
| mvn -pl commons,commons-kstreams,commons-persistence,proto,${{ matrix.module }} clean install -Pnative -DskipTests | |
| - name: Test Native Image | |
| run: |- | |
| mvn -pl commons,commons-kstreams,commons-persistence,proto,${{ matrix.module }} \ | |
| test-compile failsafe:integration-test failsafe:verify -Pnative |