pom/dependencies
pom/dependencies
4
0
Fork 0
Code Issues 1 Pull requests Projects Releases 15 Packages Wiki Activity Actions

chore: reorganize workflows
Some checks failed
release / Release (push) Failing after 3s
Details
SonarQube Scan / SonarQube Trigger (push) Failing after 2s
Details

Browse source
This commit is contained in:
Oliver Weyhmüller 2025-01-07 06:08:44 +01:00
parent 5185878ce1
commit 06c24aa6a5
Signed by: oliver
GPG key ID: 5286794099F934A3
2 changed files with 25 additions and 259 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

164
.forgejo/workflows/release.yaml
View file

@ -18,87 +18,9 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Environment - name: Initialize Environment
run: | uses: https://w9r.dev/w9r.dev/action-setup-environment
apt update
apt install -y zip
mkdir -p /root/.jreleaser
mkdir -p /root/.m2
touch /root/.jreleaser/config.properties
- name: maven-settings-xml-action
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
with:
repositories: >
[
{
"id": "maven-releases",
"name": "Releases",
"url": "https://nexus.w9r.dev/repository/maven-releases",
"releases": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "fail"
}
},
{
"id": "maven-snapshots",
"name": "Snapshots",
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
"releases": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
}
}
]
servers: >
[
{
"id": "maven-group",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-snapshots",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-releases",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "vulnz",
"username": "${{ secrets.VULNZ_USERNAME }}",
"password": "${{ secrets.VULNZ_PASSWORD }}"
}
]
mirrors: >
[
{
"id": "maven-group",
"name": "central",
"mirrorOf": "*",
"url": "https://nexus.w9r.dev/repository/maven-group/"
}
]
plugin_groups: >
[
"org.sonarsource.scanner.maven"
]
output_file: /root/.m2/settings.xml
- name: Determine next version - name: Determine next version
uses: https://github.com/obfu5c8/action-svu@v1 uses: https://github.com/obfu5c8/action-svu@v1
@ -113,49 +35,15 @@ jobs:
prefix: '' prefix: ''
suffix: '' suffix: ''
- name: Install syft
uses: https://github.com/anchore/sbom-action/download-syft@v0
id: install_syft
with:
syft-version: v1.18.1
- name: Set new version - name: Set new version
env:
MAVEN_USERNAME: ${{ env.NEXUS_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ env.NEXUS_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
run: | run: |
NEW_VERSION=${{steps.generate_next_version.outputs.version}} NEW_VERSION=${{steps.generate_next_version.outputs.version}}
echo NEW_VERSION=$NEW_VERSION >> "$GITHUB_ENV" echo NEW_VERSION=$NEW_VERSION >> "$GITHUB_ENV"
echo "New version: $NEW_VERSION" echo "New version: $NEW_VERSION"
- name: Cache Java and Maven software
uses: https://github.com/actions/cache@v4
with:
path: ~/.sdkman
key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }}
restore-keys: |
${{ runner.os }}-sdkman-
env:
ACTIONS_STEP_DEBUG: true
- name: Cache local Maven repository
uses: https://github.com/actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
env:
ACTIONS_STEP_DEBUG: true
- name: Install Java & Maven
uses: https://github.com/sdkman/sdkman-action@main
id: sdkman
- name: Set Version
env:
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
export GPG_TTY=$(tty)
mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }} mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }}
- name: Run JReleaser (Changelog) - name: Run JReleaser (Changelog)
@ -167,26 +55,10 @@ jobs:
env: env:
JRELEASER_OUTPUT_DIRECTORY: target JRELEASER_OUTPUT_DIRECTORY: target
JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }}
JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} JRELEASER_GITEA_TOKEN: ${{ env.JRELEASER_GITEA_TOKEN }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} JRELEASER_GPG_PUBLIC_KEY: ${{ env.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} JRELEASER_GPG_SECRET_KEY: ${{ env.GPG_PRIVATE_KEY }}
- name: Import GPG key
id: import-gpg
uses: https://github.com/crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.RELEASEBOT_PRIVATE_KEY }}
passphrase: ${{ secrets.RELEASEBOT_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: GPG user IDs
run: |
echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"
echo "name: ${{ steps.import-gpg.outputs.name }}"
echo "email: ${{ steps.import-gpg.outputs.email }}"
- name: Commit and push changes - name: Commit and push changes
run: | run: |
@ -212,9 +84,9 @@ jobs:
JRELEASER_OUTPUT_DIRECTORY: target JRELEASER_OUTPUT_DIRECTORY: target
JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }}
JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} JRELEASER_GPG_PUBLIC_KEY: ${{ env.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} JRELEASER_GPG_SECRET_KEY: ${{ env.GPG_PRIVATE_KEY }}
- name: Run JReleaser (Release) - name: Run JReleaser (Release)
uses: https://w9r.dev/actions/release-action@main uses: https://w9r.dev/actions/release-action@main
@ -225,11 +97,11 @@ jobs:
JRELEASER_OUTPUT_DIRECTORY: target JRELEASER_OUTPUT_DIRECTORY: target
JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }} JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }}
JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }} JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} JRELEASER_GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} JRELEASER_GPG_PUBLIC_KEY: ${{ env.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }} JRELEASER_GPG_SECRET_KEY: ${{ env.GPG_PRIVATE_KEY }}
JRELEASER_ARTIFACTORY_USERNAME: ${{ secrets.NEXUS_USERNAME }} JRELEASER_ARTIFACTORY_USERNAME: ${{ env.NEXUS_USERNAME }}
JRELEASER_ARTIFACTORY_TOKEN: ${{ secrets.NEXUS_PASSWORD }} JRELEASER_ARTIFACTORY_TOKEN: ${{ env.NEXUS_PASSWORD }}
# Persist logs # Persist logs

120
.forgejo/workflows/sonarqube.yaml
View file

@ -12,107 +12,15 @@ jobs:
name: SonarQube Trigger name: SonarQube Trigger
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checking out
- name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Environment
run: |
apt update
apt install -y zip
mkdir -p /root/.jreleaser
mkdir -p /root/.m2
touch /root/.jreleaser/config.properties
- name: Install syft - name: Initialize Environment
uses: https://github.com/anchore/sbom-action/download-syft@v0 uses:
id: install_syft https://w9r.dev/w9r.dev/action-setup-environment
with:
syft-version: v1.18.1
- name: maven-settings-xml-action
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
with:
repositories: >
[
{
"id": "maven-releases",
"name": "Releases",
"url": "https://nexus.w9r.dev/repository/maven-releases",
"releases": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "fail"
}
},
{
"id": "maven-snapshots",
"name": "Snapshots",
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
"releases": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
}
}
]
servers: >
[
{
"id": "maven-group",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-snapshots",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-releases",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "vulnz",
"username": "${{ secrets.VULNZ_USERNAME }}",
"password": "${{ secrets.VULNZ_PASSWORD }}"
}
]
mirrors: >
[
{
"id": "maven-group",
"name": "central",
"mirrorOf": "*",
"url": "https://nexus.w9r.dev/repository/maven-group/"
}
]
plugin_groups: >
[
"org.sonarsource.scanner.maven"
]
output_file: /root/.m2/settings.xml
- name: Cache Java and Maven software
uses: https://github.com/actions/cache@v4
with:
path: ~/.sdkman
key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }}
restore-keys: |
${{ runner.os }}-sdkman-
env:
ACTIONS_STEP_DEBUG: true
- name: Cache SonarQube packages - name: Cache SonarQube packages
uses: https://github.com/actions/cache@v4 uses: https://github.com/actions/cache@v4
@ -121,22 +29,8 @@ jobs:
key: ${{ runner.os }}-sonar key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar
- name: Cache local Maven repository
uses: https://github.com/actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
env:
ACTIONS_STEP_DEBUG: true
- name: Install Java & Maven
uses: https://github.com/sdkman/sdkman-action@main
id: sdkman
- name: SonarQube Scan - name: SonarQube Scan
env: env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} SONAR_TOKEN: ${{ env.SONARQUBE_TOKEN }}
SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }} SONAR_HOST_URL: ${{ env.SONARQUBE_HOST }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar