pom/spring-boot-starter
pom/spring-boot-starter
4
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases 13 Packages Wiki Activity Actions

chore: simplify workflows
All checks were successful
SonarQube Scan / SonarQube Trigger (push) Successful in 3m33s
Details
release / Release (push) Successful in 4m31s
Details

Browse source
This commit is contained in:
Oliver Weyhmüller 2025-01-08 07:33:11 +01:00
parent 2027e363d5
commit 8a6ffe2082
Signed by: oliver
GPG key ID: 5286794099F934A3
2 changed files with 36 additions and 294 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

194
.forgejo/workflows/release.yaml
View file

@ -1,106 +1,26 @@
--- ---
name: release name: release
on: on:
push: push:
branches: branches:
- main - main
jobs: jobs:
release: release:
name: Release name: Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ !startsWith(github.event.head_commit.message, 'Release') }} if: ${{ !startsWith(github.event.head_commit.message, 'Release') }}
env:
JRELEASER_OUTPUT_DIRECTORY: target
steps: steps:
- name: Checkout - name: "Initialize Environment"
uses: actions/checkout@v4 id: initialize
uses: https://w9r.dev/w9r.dev/action-setup-environment@v1.1.4
with: with:
fetch-depth: 0 roleid: ${{ secrets.VAULT_ROLE_ID }}
secretid: ${{ secrets.VAULT_SECRET_ID }}
- name: Set up Environment - name: "Determine next version"
run: |
apt update
apt install -y zip
mkdir -p /root/.jreleaser
mkdir -p /root/.m2
touch /root/.jreleaser/config.properties
- name: maven-settings-xml-action
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
with:
repositories: >
[
{
"id": "maven-releases",
"name": "Releases",
"url": "https://nexus.w9r.dev/repository/maven-releases",
"releases": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "fail"
}
},
{
"id": "maven-snapshots",
"name": "Snapshots",
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
"releases": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
}
}
]
servers: >
[
{
"id": "maven-group",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-snapshots",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-releases",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "vulnz",
"username": "${{ secrets.VULNZ_USERNAME }}",
"password": "${{ secrets.VULNZ_PASSWORD }}"
}
]
mirrors: >
[
{
"id": "maven-group",
"name": "central",
"mirrorOf": "*",
"url": "https://nexus.w9r.dev/repository/maven-group/"
}
]
plugin_groups: >
[
"org.sonarsource.scanner.maven"
]
output_file: /root/.m2/settings.xml
- name: Determine next version
uses: https://github.com/obfu5c8/action-svu@v1 uses: https://github.com/obfu5c8/action-svu@v1
id: generate_next_version id: generate_next_version
with: with:
@ -113,111 +33,47 @@ jobs:
prefix: '' prefix: ''
suffix: '' suffix: ''
- name: Install syft - name: "Set new version"
uses: https://github.com/anchore/sbom-action/download-syft@v0
id: install_syft
with:
syft-version: v1.18.1
- name: Set new version
run: | run: |
NEW_VERSION=${{steps.generate_next_version.outputs.version}} NEW_VERSION=${{steps.generate_next_version.outputs.version}}
echo NEW_VERSION=$NEW_VERSION >> "$GITHUB_ENV" echo NEW_VERSION=$NEW_VERSION >> "$GITHUB_ENV"
echo JRELEASER_PROJECT_VERSION=$NEW_VERSION >> "$GITHUB_ENV"
echo "New version: $NEW_VERSION" echo "New version: $NEW_VERSION"
mvn -B --file pom.xml versions:set -DnewVersion=$NEW_VERSION
- name: Cache Java and Maven software - name: "Run JReleaser (Changelog)"
uses: https://github.com/actions/cache@v4
with:
path: ~/.sdkman
key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }}
restore-keys: |
${{ runner.os }}-sdkman-
env:
ACTIONS_STEP_DEBUG: true
- name: Cache local Maven repository
uses: https://github.com/actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
env:
ACTIONS_STEP_DEBUG: true
- name: Install Java & Maven
uses: https://github.com/sdkman/sdkman-action@main
id: sdkman
- name: Set Version
env:
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_CENTRAL_TOKEN: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
export GPG_TTY=$(tty)
git config user.name "${{ github.event.head_commit.committer.name }}"
git config user.email "${{ github.event.head_commit.committer.email }}"
mvn -B --file pom.xml versions:set -DnewVersion=${{ env.NEW_VERSION }}
- name: Run JReleaser (Changelog)
uses: https://w9r.dev/actions/release-action@main uses: https://w9r.dev/actions/release-action@main
with: with:
arguments: changelog --debug arguments: changelog --debug
setup-java: false setup-java: false
continue-on-error: true continue-on-error: true
env:
JRELEASER_OUTPUT_DIRECTORY: target
JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }}
JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Commit and push changes - name: "Commit and push changes"
run: | uses: https://w9r.dev/w9r.dev/action-git-commit-push@v1.4
git config user.name "${{ github.event.head_commit.committer.name }}" with:
git config user.email "${{ github.event.head_commit.committer.email }}" email: ${{ steps.initialize.outputs.gitemail }}
git add pom.xml CHANGELOG.md name: ${{ steps.initialize.outputs.gituser }}
git commit -a -m "Release ${{ env.NEW_VERSION }}" commit_message: "Release ${{ env.JRELEASER_PROJECT_VERSION }} [skip ci]"
git push files: pom.xml CHANGELOG.md
access_token: ${{ env.JRELEASER_GITEA_TOKEN }}
- name: Build package and populate staging area for deployment - name: Build package and populate staging area for deployment
run: | run: |
mvn -B --file pom.xml package mvn -X -B --file pom.xml package
mvn --file pom.xml -Ppublication mvn -X --file pom.xml -Ppublication
- name: "Run JReleaser (Assemble)"
- name: Run JReleaser (Assemble)
uses: https://w9r.dev/actions/release-action@main uses: https://w9r.dev/actions/release-action@main
with: with:
arguments: assemble --debug arguments: assemble --debug
setup-java: false setup-java: false
continue-on-error: true continue-on-error: true
env:
JRELEASER_OUTPUT_DIRECTORY: target
JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }}
JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Run JReleaser (Release) - name: "Run JReleaser (Release)"
uses: https://w9r.dev/actions/release-action@main uses: https://w9r.dev/actions/release-action@main
with: with:
arguments: release --debug arguments: release --debug
setup-java: false setup-java: false
env:
JRELEASER_OUTPUT_DIRECTORY: target
JRELEASER_PROJECT_VERSION: ${{ env.NEW_VERSION }}
JRELEASER_GITEA_TOKEN: ${{ secrets.JRELEASER_GITEA_TOKEN }}
JRELEASER_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
JRELEASER_GPG_SECRET_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
JRELEASER_ARTIFACTORY_USERNAME: ${{ secrets.NEXUS_USERNAME }}
JRELEASER_ARTIFACTORY_TOKEN: ${{ secrets.NEXUS_PASSWORD }}
# Persist logs
- name: JReleaser release trace - name: JReleaser release trace
if: always() if: always()

136
.forgejo/workflows/sonarqube.yaml
View file

@ -5,140 +5,26 @@ on:
- main - main
pull_request: pull_request:
types: [opened, synchronize, reopened] types: [opened, synchronize, reopened]
workflow_dispatch:
name: SonarQube Scan name: SonarQube Scan
jobs: jobs:
sonarqube: sonarqube:
name: SonarQube Trigger name: "SonarQube Trigger"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checking out - name: "Initialize Environment"
uses: actions/checkout@v4 uses: https://w9r.dev/w9r.dev/action-setup-environment@v1.1.4
with: with:
fetch-depth: 0 roleid: "${{ secrets.VAULT_ROLE_ID }}"
- name: Set up Environment secretid: "${{ secrets.VAULT_SECRET_ID }}"
run: |
apt update
apt install -y zip
mkdir -p /root/.jreleaser
mkdir -p /root/.m2
touch /root/.jreleaser/config.properties
- name: Install syft - name: "Cache SonarQube packages"
uses: https://github.com/anchore/sbom-action/download-syft@v0
id: install_syft
with:
syft-version: v1.18.1
- name: maven-settings-xml-action
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
with:
repositories: >
[
{
"id": "maven-releases",
"name": "Releases",
"url": "https://nexus.w9r.dev/repository/maven-releases",
"releases": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "fail"
}
},
{
"id": "maven-snapshots",
"name": "Snapshots",
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
"releases": {
"enabled": "false",
"updatePolicy": "always",
"checksumPolicy": "warn"
},
"snapshots": {
"enabled": "true",
"updatePolicy": "always",
"checksumPolicy": "warn"
}
}
]
servers: >
[
{
"id": "maven-group",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-snapshots",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "maven-releases",
"username": "${{ secrets.NEXUS_USERNAME }}",
"password": "${{ secrets.NEXUS_PASSWORD }}"
},
{
"id": "vulnz",
"username": "${{ secrets.VULNZ_USERNAME }}",
"password": "${{ secrets.VULNZ_PASSWORD }}"
}
]
mirrors: >
[
{
"id": "maven-group",
"name": "central",
"mirrorOf": "*",
"url": "https://nexus.w9r.dev/repository/maven-group/"
}
]
plugin_groups: >
[
"org.sonarsource.scanner.maven"
]
output_file: /root/.m2/settings.xml
- name: Cache Java and Maven software
uses: https://github.com/actions/cache@v4
with:
path: ~/.sdkman
key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }}
restore-keys: |
${{ runner.os }}-sdkman-
env:
ACTIONS_STEP_DEBUG: true
- name: Cache SonarQube packages
uses: https://github.com/actions/cache@v4 uses: https://github.com/actions/cache@v4
with: with:
path: ~/.sonar/cache path: ~/.sonar/cache
key: ${{ runner.os }}-sonar key: "${{ runner.os }}-sonar"
restore-keys: ${{ runner.os }}-sonar restore-keys: "${{ runner.os }}-sonar"
- name: Cache local Maven repository - name: "SonarQube Scan"
uses: https://github.com/actions/cache@v4 run: "mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar"
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
env:
ACTIONS_STEP_DEBUG: true
- name: Install Java & Maven
uses: https://github.com/sdkman/sdkman-action@main
id: sdkman
- name: SonarQube Scan
env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}
run: >
mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-Dsonar.qualitygate.wait=true