Skip to content

Commit 221424c

Browse files
kwinkwin
committed
Update action steps to latest version
Get rid of pull_request_target trigger Publish test reports only once (for all matrix builds) Build with Java 21 & 25 as well Update Maven Plugins
1 parent e31592a commit 221424c

2 files changed

Lines changed: 70 additions & 35 deletions

File tree

.github/workflows/maven.yml

Lines changed: 44 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,9 @@ on:
55
push:
66
branches:
77
- main
8-
# for PRs from forked repos and non forked repos
9-
# in order to write status info to the PR we require write repository token (https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/)
10-
pull_request_target:
8+
pull_request:
119
branches:
1210
- main
13-
types: [opened, synchronize, reopened]
1411

1512
# restrict privileges except for setting commit status, adding PR comments and writing statuses
1613
permissions:
@@ -30,11 +27,11 @@ jobs:
3027
strategy:
3128
matrix:
3229
os: [ubuntu-latest, macos-latest, windows-latest]
33-
jdk: [11, 17]
30+
jdk: [11, 17, 21, 25]
3431
include:
35-
# lengthy build steps should only be performed on linux with Java 11 (SonarQube analysis, deployment)
32+
# lengthy build steps should only be performed on linux with Java 21 (SonarQube analysis, deployment)
3633
- os: ubuntu-latest
37-
jdk: 11
34+
jdk: 21
3835
isMainBuildEnv: true
3936
namePrefix: 'Main '
4037
fail-fast: false
@@ -44,16 +41,13 @@ jobs:
4441

4542
steps:
4643
- name: Checkout
47-
uses: actions/checkout@v3
48-
# always act on the modified source code (even for event pull_request_target)
49-
# is considered potentially unsafe (https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) but actions are only executed after approval from committers
44+
uses: actions/checkout@v6
5045
with:
51-
ref: ${{ github.event.pull_request.head.sha }}
5246
# no additional git operations after checkout triggered in workflow, no need to store credentials
5347
persist-credentials: false
5448

5549
- name: Set up JDK
56-
uses: actions/setup-java@v3
50+
uses: actions/setup-java@v5
5751
with:
5852
cache: 'maven'
5953
distribution: 'temurin'
@@ -68,11 +62,11 @@ jobs:
6862
shell: bash
6963
run: |
7064
if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
71-
echo "MVN_ADDITIONAL_OPTS=-Dsonar.projectKey=Netcentric_aem-cloud-validator -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pjacoco-report" >> $GITHUB_ENV
65+
echo "MVN_ADDITIONAL_OPTS=-Dsonar.projectKey=Netcentric_aem-cloud-validator -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pjacoco-report -Dsonar.scanner.skipJreProvisioning=true" >> $GITHUB_ENV
7266
if [ "${{github.ref}}" = "refs/heads/main" ] && [ "${{github.event_name}}" = "push" ]; then
7367
echo "MAVEN_USERNAME=${{ secrets.OSSRH_TOKEN_USER }}" >> $GITHUB_ENV
7468
echo "MAVEN_PASSWORD=${{ secrets.OSSRH_TOKEN_PASSWORD }}" >> $GITHUB_ENV
75-
echo "MVN_GOAL=clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> $GITHUB_ENV
69+
echo "MVN_GOAL=clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:5.5.0.6356:sonar" >> $GITHUB_ENV
7670
echo "STEP_NAME_SUFFIX=(Deploys to OSSRH)" >> $GITHUB_ENV
7771
else
7872
echo "MVN_GOAL=clean verify" >> $GITHUB_ENV
@@ -87,8 +81,40 @@ jobs:
8781
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
8882
run: mvn -e -B -V ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }}
8983

90-
- name: Publish Test Report
91-
if: ${{ always() }} # make sure to run even if previous Maven execution failed (due to failed test)
92-
uses: scacap/action-surefire-report@v1
84+
- name: Upload Test Results
85+
if: always()
86+
uses: actions/upload-artifact@v7
9387
with:
94-
check_name: Test report (${{ matrix.os }}, JDK ${{ matrix.jdk }})
88+
name: Test Results (${{ matrix.os }}, JDK ${{ matrix.jdk }}))
89+
path: |
90+
target/surefire-reports/TEST*.xml
91+
target/invoker-reports/TEST*.xml
92+
target/it/**/build.log
93+
94+
publish-test-results:
95+
name: "Publish Tests Results"
96+
needs: build
97+
runs-on: ubuntu-latest
98+
permissions:
99+
checks: write
100+
101+
# only needed unless run with comment_mode: off
102+
pull-requests: write
103+
104+
# only needed for private repository
105+
contents: read
106+
107+
# only needed for private repository
108+
issues: read
109+
if: always()
110+
111+
steps:
112+
- name: Download Artifacts
113+
uses: actions/download-artifact@v8
114+
with:
115+
path: artifacts
116+
117+
- name: Publish Test Results
118+
uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040
119+
with:
120+
files: "artifacts/**/*.xml"

pom.xml

Lines changed: 26 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -129,60 +129,60 @@
129129
<plugins>
130130
<plugin>
131131
<artifactId>maven-surefire-plugin</artifactId>
132-
<version>3.1.0</version>
132+
<version>3.5.5</version>
133133
</plugin>
134134
<plugin>
135135
<artifactId>maven-failsafe-plugin</artifactId>
136-
<version>3.1.0</version>
136+
<version>3.5.5</version>
137137
</plugin>
138138
<plugin>
139139
<artifactId>maven-compiler-plugin</artifactId>
140-
<version>3.11.0</version>
140+
<version>3.15.0</version>
141141
</plugin>
142142
<plugin>
143143
<artifactId>maven-install-plugin</artifactId>
144-
<version>3.1.1</version>
144+
<version>3.1.4</version>
145145
</plugin>
146146
<plugin>
147147
<artifactId>maven-deploy-plugin</artifactId>
148-
<version>3.1.1</version>
148+
<version>3.1.4</version>
149149
</plugin>
150150
<plugin>
151151
<artifactId>maven-resources-plugin</artifactId>
152-
<version>3.3.1</version>
152+
<version>3.5.0</version>
153153
</plugin>
154154
<plugin>
155155
<artifactId>maven-clean-plugin</artifactId>
156-
<version>3.2.0</version>
156+
<version>3.5.0</version>
157157
</plugin>
158158
<plugin>
159159
<artifactId>maven-jar-plugin</artifactId>
160-
<version>3.3.0</version>
160+
<version>3.5.0</version>
161161
</plugin>
162162
<plugin>
163163
<artifactId>maven-javadoc-plugin</artifactId>
164-
<version>3.5.0</version>
164+
<version>3.12.0</version>
165165
</plugin>
166166
<plugin>
167167
<artifactId>maven-source-plugin</artifactId>
168-
<version>3.2.1</version>
168+
<version>3.4.0</version>
169169
</plugin>
170170
<plugin>
171171
<artifactId>maven-release-plugin</artifactId>
172-
<version>3.0.0</version>
172+
<version>3.3.1</version>
173173
</plugin>
174174
<plugin>
175175
<artifactId>maven-dependency-plugin</artifactId>
176-
<version>3.5.0</version>
176+
<version>3.10.0</version>
177177
</plugin>
178178
<plugin>
179179
<artifactId>maven-enforcer-plugin</artifactId>
180-
<version>3.3.0</version>
180+
<version>3.6.2</version>
181181
</plugin>
182182
<plugin>
183183
<groupId>org.apache.maven.plugins</groupId>
184184
<artifactId>maven-gpg-plugin</artifactId>
185-
<version>3.1.0</version>
185+
<version>3.2.8</version>
186186
</plugin>
187187
<plugin>
188188
<groupId>org.sonatype.plugins</groupId>
@@ -192,16 +192,16 @@
192192
<plugin>
193193
<groupId>org.codehaus.mojo</groupId>
194194
<artifactId>license-maven-plugin</artifactId>
195-
<version>2.0.1</version>
195+
<version>2.7.1</version>
196196
</plugin>
197197
<plugin>
198198
<groupId>org.jacoco</groupId>
199199
<artifactId>jacoco-maven-plugin</artifactId>
200-
<version>0.8.10</version>
200+
<version>0.8.14</version>
201201
</plugin>
202202
<plugin>
203203
<artifactId>maven-invoker-plugin</artifactId>
204-
<version>3.5.1</version>
204+
<version>3.9.1</version>
205205
</plugin>
206206
</plugins>
207207
</pluginManagement>
@@ -228,6 +228,15 @@
228228
</execution>
229229
</executions>
230230
</plugin>
231+
<plugin>
232+
<artifactId>maven-compiler-plugin</artifactId>
233+
<configuration>
234+
<annotationProcessors>
235+
<!-- generate META-INF/services-->
236+
<annotationProcessor>org.kohsuke.metainf_services.AnnotationProcessorImpl</annotationProcessor>
237+
</annotationProcessors>
238+
</configuration>
239+
</plugin>
231240
<plugin>
232241
<groupId>org.apache.maven.plugins</groupId>
233242
<artifactId>maven-invoker-plugin</artifactId>

0 commit comments

Comments
 (0)