Update GHA to latest actions steps #258
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI/CD | |
| on: | |
| # run every month on default branch to prevent inactive token removal: https://community.sonarsource.com/t/removing-inactive-tokens-after-60-days/142451 | |
| schedule: | |
| - cron: '0 0 1 * *' | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| build: | |
| name: Maven Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Git Clone | |
| uses: actions/checkout@v6 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 21 | |
| # generate settings.xml with the correct values | |
| server-id: sonatype-central-portal # Value of the distributionManagement/repository/id field of the pom.xml | |
| server-username: MAVEN_CENTRAL_PORTAL_USERNAME # env variable for username in deploy | |
| server-password: MAVEN_CENTRAL_PORTAL_PASSWORD # env variable for token in deploy | |
| - name: Adjust Git Config | |
| run: | | |
| git config --global user.email "action@github.com" | |
| git config --global user.name "GitHub Action" | |
| # sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable | |
| - name: Set environment variables | |
| shell: bash | |
| run: | | |
| if [ "${{github.ref}}" = "refs/heads/master" ] && [ "${{github.event_name}}" = "push" ] && [ "${{github.repository_owner}}" = "Netcentric" ]; then | |
| echo 'Running on main branch of the canonical repo' | |
| echo "MVN_ADDITIONAL_OPTS=-DdeployAtEnd=true" >> $GITHUB_ENV | |
| echo "MVN_GOAL=deploy" >> $GITHUB_ENV | |
| echo "MAVEN_CENTRAL_PORTAL_USERNAME=${{ secrets.SONATYPE_CENTRAL_TOKEN_USER }}" >> $GITHUB_ENV | |
| echo "MAVEN_CENTRAL_PORTAL_PASSWORD=${{ secrets.SONATYPE_CENTRAL_TOKEN_PASSWORD }}" >> $GITHUB_ENV | |
| else | |
| echo 'Running outside main branch/canonical repo' | |
| echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV | |
| echo "MVN_GOAL=verify" >> $GITHUB_ENV | |
| fi | |
| - name: Build | |
| run: ./mvnw -B ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }} -Pcoverage-report | |
| - name: Upload build result for subsequent SonarQube job | |
| # not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request | |
| if: github.repository == 'Netcentric/aem-classification' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: compiled-classes-and-coverage | |
| # compare with https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/languages/java/#java-analysis-and-bytecode | |
| path: | | |
| **/target/**/*.class | |
| **/target/site/jacoco*/*.xml | |
| - name: Build Site for Maven Plugin | |
| if: github.ref == 'refs/heads/master' | |
| run: ./mvnw -B site --file aem-classification-maven-plugin/pom.xml | |
| - name: Upload Site for Maven Plugin | |
| if: github.ref == 'refs/heads/master' | |
| uses: actions/upload-pages-artifact@v4 | |
| with: | |
| path: aem-classification-maven-plugin/target/site/ | |
| # execute analysis in a separate job for better visualization and usage of matrix builds | |
| # https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/#invoking-the-goal | |
| sonarqube: | |
| name: SonarQube Analysis | |
| runs-on: ubuntu-latest | |
| needs: build | |
| # not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request | |
| if: github.repository == 'Netcentric/aem-classification' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: 21 | |
| distribution: temurin | |
| cache: maven | |
| - name: Download compiled classes | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: compiled-classes-and-coverage | |
| - name: Cache SonarQube packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Analyze with SonarQube | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./mvnw -B org.sonarsource.scanner.maven:sonar-maven-plugin:5.5.0.6356:sonar -Dsonar.projectKey=Netcentric_aem-classification -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Dsonar.scanner.skipJreProvisioning=true | |
| deploy: | |
| name: Deploy to GH Pages | |
| if: github.ref == 'refs/heads/master' | |
| # Add a dependency to the build job | |
| needs: build | |
| # Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
| permissions: | |
| pages: write # to deploy to Pages | |
| id-token: write # to verify the deployment originates from an appropriate source | |
| # Deploy to the github-pages environment | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| # Specify runner + deployment step | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 |