Update action steps to latest version #147
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: maven-cicd | |
| on: | |
| # for regular master build (after the merge) | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| # restrict privileges except for setting commit status, adding PR comments and writing statuses | |
| permissions: | |
| actions: read | |
| checks: write | |
| contents: read | |
| deployments: read | |
| issues: read | |
| packages: read | |
| pull-requests: write | |
| repository-projects: read | |
| security-events: read | |
| statuses: write | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| jdk: [11, 17, 21, 25] | |
| include: | |
| # lengthy build steps should only be performed on linux with Java 21 (SonarQube analysis, deployment) | |
| - os: ubuntu-latest | |
| jdk: 21 | |
| isMainBuildEnv: true | |
| namePrefix: 'Main ' | |
| fail-fast: false | |
| name: ${{ matrix.namePrefix }} Maven build (${{ matrix.os }}, JDK ${{ matrix.jdk }}) | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| # no additional git operations after checkout triggered in workflow, no need to store credentials | |
| persist-credentials: false | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| cache: 'maven' | |
| distribution: 'temurin' | |
| java-version: ${{ matrix.jdk }} | |
| # generate settings.xml with the correct values | |
| server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml | |
| server-username: MAVEN_USERNAME # env variable for username in deploy | |
| server-password: MAVEN_PASSWORD # env variable for token in deploy | |
| # sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable | |
| - name: Set environment variables | |
| shell: bash | |
| run: | | |
| if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then | |
| echo "MVN_ADDITIONAL_OPTS=-Dsonar.projectKey=Netcentric_aem-cloud-validator -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pjacoco-report -Dsonar.scanner.skipJreProvisioning=true" >> $GITHUB_ENV | |
| if [ "${{github.ref}}" = "refs/heads/main" ] && [ "${{github.event_name}}" = "push" ]; then | |
| echo "MAVEN_USERNAME=${{ secrets.OSSRH_TOKEN_USER }}" >> $GITHUB_ENV | |
| echo "MAVEN_PASSWORD=${{ secrets.OSSRH_TOKEN_PASSWORD }}" >> $GITHUB_ENV | |
| echo "MVN_GOAL=clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:5.5.0.6356:sonar" >> $GITHUB_ENV | |
| echo "STEP_NAME_SUFFIX=(Deploys to OSSRH)" >> $GITHUB_ENV | |
| else | |
| echo "MVN_GOAL=clean verify" >> $GITHUB_ENV | |
| fi | |
| else | |
| echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV | |
| echo "MVN_GOAL=clean verify" >> $GITHUB_ENV | |
| fi | |
| - name: ${{ matrix.namePrefix }} Build with Maven ${{ env.STEP_NAME_SUFFIX }} | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: mvn -e -B -V ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }} | |
| - name: Upload Test Results | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: Test Results (${{ matrix.os }}, JDK ${{ matrix.jdk }})) | |
| path: | | |
| target/surefire-reports/TEST*.xml | |
| target/invoker-reports/TEST*.xml | |
| target/it/**/build.log | |
| publish-test-results: | |
| name: "Publish Tests Results" | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write | |
| # only needed unless run with comment_mode: off | |
| pull-requests: write | |
| # only needed for private repository | |
| contents: read | |
| # only needed for private repository | |
| issues: read | |
| if: always() | |
| steps: | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| path: artifacts | |
| - name: Publish Test Results | |
| uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 | |
| with: | |
| files: "artifacts/**/*.xml" |