[Backport 3.29] Ignore [LOW] com.google.guava:guava@31.0.1-jre: SNYK-JAVA-COMGOOGLEGU… #5761
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| on: | |
| push: | |
| pull_request: | |
| permissions: | |
| actions: write | |
| contents: write | |
| env: | |
| HAS_SECRETS: ${{ secrets.HAS_SECRETS }} | |
| jobs: | |
| build: | |
| name: Continuous integration | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 40 | |
| if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get tag | |
| id: tag2 | |
| uses: frabert/replace-string-action@v1.1 | |
| with: | |
| pattern: 'refs/tags/(.*)' | |
| string: '{{ github.ref }}' | |
| replace-with: '$1' | |
| if: "startsWith(github.ref, 'refs/tags/')" | |
| - run: echo --${{ steps.tag2.outputs.replaced }}-- | |
| - uses: camptocamp/initialise-gopass-summon-action@v2 | |
| with: | |
| ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
| github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
| patterns: docker | |
| if: env.HAS_SECRETS == 'HAS_SECRETS' | |
| - run: gpg --export-secret-keys --armor D121AF2DFA8E140688BD968930C9B913FD42EF13 > CI.asc | |
| if: env.HAS_SECRETS == 'HAS_SECRETS' | |
| - id: tag | |
| run: echo "##[set-output name=tag;]$(echo ${{ github.ref }}|sed 's%refs/tags/%%g')" | |
| if: startsWith(github.ref, 'refs/tags/') | |
| - run: sed --in-place 's/version = .*/version = "${{ steps.tag.outputs.tag }}"/g' build.gradle | |
| if: startsWith(github.ref, 'refs/tags/') | |
| - id: last-tag | |
| run: echo "##[set-output name=tag;]$(git describe --tags --abbrev=0)" | |
| if: "!startsWith(github.ref, 'refs/tags/')" | |
| - id: no-tag | |
| run: echo "##[set-output name=nb;]$(git log --oneline ${{ steps.last-tag.outputs.tag }}..HEAD|wc -l)" | |
| if: "!startsWith(github.ref, 'refs/tags/')" | |
| - run: sed --in-place 's/version = .*/version = "${{ steps.last-tag.outputs.tag }}"/g' build.gradle | |
| if: "!startsWith(github.ref, 'refs/tags/') && steps.no-tag.outputs.nb == 0" | |
| - run: | |
| sed --in-place 's/version = .*/version = "${{ steps.last-tag.outputs.tag }}+${{ steps.no-tag.outputs.nb | |
| }}"/g' build.gradle | |
| if: "!startsWith(github.ref, 'refs/tags/') && steps.no-tag.outputs.nb > 0" | |
| - run: echo "enablePublishing=true" > gradle.properties | |
| if: env.HAS_SECRETS == 'HAS_SECRETS' | |
| - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
| - run: python3 -m pip install --user --requirement=ci/requirements.txt | |
| - name: Checks | |
| run: c2cciutils-checks | |
| - run: make build | |
| - run: make acceptance-tests-up | |
| - run: make acceptance-tests-run | |
| # Extract artifacts | |
| - run: docker run --rm --detach --name=builder mapfish_print_builder || true | |
| if: always() | |
| - run: docker cp builder:/src/core/build/ core/build/ || true | |
| if: always() | |
| - run: docker cp mapfish-print-tests-1:/src/examples/build/ examples/build/ || true | |
| if: always() | |
| - run: docker compose logs || true | |
| if: failure() | |
| - run: mkdir -p core/build/resources/actual examples/build/reports core/build/reports examples/build/resources/test/examples | |
| if: always() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Test results | |
| path: core/build/resources/ | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Test generated | |
| path: core/build/resources/test/org | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Reports examples | |
| path: examples/build/reports | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Reports core | |
| path: core/build/reports | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Examples | |
| path: examples/build/resources/test/examples | |
| if-no-files-found: ignore | |
| if: failure() | |
| - name: Collect test results | |
| run: | | |
| mkdir -p /tmp/test_results/junit | |
| find . -name '*TEST-*.xml' -exec cp -v {} /tmp/test_results/junit/ \; | |
| if: failure() | |
| - uses: actions/upload-artifact@v1 | |
| with: | |
| name: Test results | |
| path: /tmp/test_results | |
| if: failure() | |
| - run: git stash | |
| if: always() | |
| - name: Publish | |
| run: c2cciutils-publish | |
| if: env.HAS_SECRETS == 'HAS_SECRETS' | |
| - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true | |
| if: failure() | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: Update dpkg versions list.patch | |
| path: /tmp/dpkg-versions.patch | |
| retention-days: 1 | |
| if: failure() | |
| - run: git stash pop | |
| - run: | |
| docker run --rm --env=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} mapfish_print_builder bash -c 'gradle | |
| build && gradle publish' | |
| if: | |
| ( startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/master' ) && env.HAS_SECRETS == | |
| 'HAS_SECRETS' | |
| - id: version | |
| run: echo "##[set-output name=version;]$(grep version build.gradle|sed "s/ \+version = .\(.*\)./\1/g")" | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| with: | |
| tag_name: ${{ github.ref }} | |
| release_name: Release ${{ steps.tag.outputs.tag }} | |
| draft: false | |
| prerelease: false | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Upload Release Asset | |
| uses: actions/upload-release-asset@v1.0.2 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./core/build/libs/print-servlet-${{ steps.version.outputs.version }}.war | |
| asset_name: print-servlet-${{ steps.version.outputs.version }}.war | |
| asset_content_type: application/java-archive | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Upload Release Asset | |
| uses: actions/upload-release-asset@v1.0.2 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./core/build/distributions/core-${{ steps.version.outputs.version }}.zip | |
| asset_name: print-cli-${{ steps.version.outputs.version }}.zip | |
| asset_content_type: application/zip | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Upload Release Asset | |
| uses: actions/upload-release-asset@v1.0.2 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./core/build/libs/print-lib-${{ steps.version.outputs.version }}.jar | |
| asset_name: print-lib-${{ steps.version.outputs.version }}.jar | |
| asset_content_type: application/java-archive | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Upload Release Asset | |
| uses: actions/upload-release-asset@v1.0.2 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./core/build/libs/print-lib-${{ steps.version.outputs.version }}-sources.jar | |
| asset_name: print-lib-${{ steps.version.outputs.version }}-sources.jar | |
| asset_content_type: application/java-archive | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Upload Release Asset | |
| uses: actions/upload-release-asset@v1.0.2 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./core/build/libs/print-lib-${{ steps.version.outputs.version }}-javadoc.jar | |
| asset_name: print-lib-${{ steps.version.outputs.version }}-javadoc.jar | |
| asset_content_type: application/java-archive | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| # Update the documentation | |
| - uses: actions/checkout@v2 | |
| with: | |
| repository: mapfish/mapfish-print-doc | |
| token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} | |
| path: mapfish-print-doc | |
| if: github.ref == 'refs/heads/master' && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Publish documentation | |
| run: | | |
| cd ${GITHUB_WORKSPACE}/mapfish-print-doc | |
| git config user.email "ci@camptocamp.com" | |
| git config user.name "CI" | |
| git rm --ignore-unmatch -rqf . | |
| docker cp builder:/src/docs/build/site/. . | |
| git add -A . | |
| git commit -m 'Update docs' | |
| git push origin gh-pages | |
| if: github.ref == 'refs/heads/master' && env.HAS_SECRETS == 'HAS_SECRETS' | |
| - name: Trigger changelog workflow | |
| uses: actions/github-script@v7 | |
| with: | |
| script: |- | |
| if (process.env.GITHUB_REF_TYPE == 'tag') { | |
| console.log('Trigger changelog'); | |
| await github.rest.repos.createDispatchEvent({ | |
| owner: 'mapfish', | |
| repo: 'mapfish-print', | |
| event_type: 'changelog', | |
| }); | |
| } |