build(deps): bump step-security/harden-runner from 2.8.1 to 2.10.2 (#… #100
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push | |
| on: | |
| push: | |
| branches: [master, main, beta] | |
| paths-ignore: | |
| - README.md | |
| - ./*.md | |
| workflow_dispatch: {} | |
| merge_group: {} | |
| env: | |
| CI: "true" | |
| GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+UseParallelGC -Xmx3g -XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=512M" | |
| GRADLE_CACHE_LOCAL: true | |
| GRADLE_CACHE_REMOTE: true | |
| GRADLE_CACHE_PUSH: true | |
| GRADLE_CACHE_USERNAME: apikey | |
| GRADLE_CACHE_PASSWORD: ${{ secrets.BUILDLESS_APIKEY }} | |
| CACHE_ENDPOINT: ${{ vars.CACHE_ENDPOINT_GRADLE }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| TEST_EXCEPTIONS: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: "Build and Test" | |
| permissions: | |
| actions: "read" | |
| contents: "write" | |
| id-token: "write" | |
| checks: "write" | |
| packages: "read" | |
| pull-requests: "write" | |
| security-events: "write" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| runner: [macOS-latest, windows-latest, ubuntu-latest] | |
| include: | |
| - runner: macOS-latest | |
| flags: "--no-configuration-cache" | |
| os: "macos" | |
| label: "Darwin" | |
| experimental: false | |
| coverage: true | |
| gvm: ${{ vars.GVM_VERSION }} | |
| java: ${{ vars.JVM_VERSION }} | |
| provenance: false | |
| - runner: ubuntu-latest | |
| flags: "--no-configuration-cache -PsonarScan=true" | |
| os: "linux" | |
| label: "Linux" | |
| experimental: false | |
| coverage: true | |
| gvm: ${{ vars.GVM_VERSION }} | |
| java: ${{ vars.JVM_VERSION }} | |
| provenance: true | |
| - runner: windows-latest | |
| flags: "--no-configuration-cache -PnodeVersion=21.6.0 -x wasmJsNodeTest -x wasmJsBrowserTest -x wasmJsTest -x wasmWasiTest -x wasmWasiNodeTest" | |
| os: "windows" | |
| label: "Windows" | |
| experimental: false | |
| coverage: true | |
| gvm: ${{ vars.GVM_VERSION }} | |
| java: ${{ vars.JVM_VERSION }} | |
| provenance: false | |
| uses: ./.github/workflows/step.build.yml | |
| secrets: inherit | |
| with: | |
| runner: ${{ matrix.runner }} | |
| os: ${{ matrix.os }} | |
| label: ${{ matrix.label }} | |
| flags: ${{ matrix.flags }} | |
| experimental: ${{ matrix.experimental }} | |
| java: ${{ matrix.java }} | |
| coverage: true | |
| push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} | |
| provenance: ${{ matrix.provenance }} | |
| qodana: | |
| name: "Analysis: Qodana" | |
| needs: ["build"] | |
| uses: ./.github/workflows/qodana.ci.yml | |
| with: {} | |
| secrets: inherit | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write |