Skip to content

fix: fixing deployment size (#214) #23

fix: fixing deployment size (#214)

fix: fixing deployment size (#214) #23

Workflow file for this run

name: Analysis
on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
push:
branches: [main]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
tests:
name: Tests
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
steps:
- uses: bcgov-nr/action-test-and-analyse-java@v1.0.0
with:
commands: |
mvn -B verify -P all-tests checkstyle:checkstyle -Dcheckstyle.skip=false
dir: .
java-cache: maven
java-distribution: temurin
java-version: "17"
sonar_args: >
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.projectKey=bcgov_forest-client-api
sonar_token: ${{ secrets.SONAR_TOKEN }}
- name: Archive CycloneDX
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: cyclone
path: target/bom.json
retention-days: 5
- name: Use Checkstyle report
continue-on-error: true
uses: jwgmeligmeyling/checkstyle-github-action@master
with:
path: "**/checkstyle-result.xml"
- name: Publish Test Report
uses: mikepenz/action-junit-report@v4
continue-on-error: true
if: success() || failure() # always run even if the previous step fails
with:
report_paths: "target/**/TEST-*.xml"
commit: ${{ github.event.pull_request.head.sha }}
summary: Pull Request Tests
detailed_summary: true
job_name: Tests
- name: Add coverage to PR
id: jacoco
continue-on-error: true
uses: madrapps/jacoco-report@v1.6
with:
paths: target/coverage-reports/merged-test-report/jacoco.xml
token: ${{ secrets.GITHUB_TOKEN }}
min-coverage-overall: 75
min-coverage-changed-files: 75
# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Trivy Security Scan
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: aquasecurity/trivy-action@0.16.1
with:
format: "sarif"
ignore-unfixed: true
output: "trivy-results.sarif"
scan-type: "fs"
scanners: "vuln,secret,config"
severity: "CRITICAL,HIGH"
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
codeql:
name: CodeQL
runs-on: ubuntu-22.04
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
cache: "maven"
- uses: github/codeql-action/init@v3
- run: ./mvnw clean package
- uses: github/codeql-action/analyze@v3