diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index a61a597..fa184f6 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -3,6 +3,9 @@ name: maven-build on: push: branches: ['**/**'] + pull_request: + branches: [main] + types: [opened, synchronize, reopened, ready_for_review] jobs: build: runs-on: ubuntu-latest @@ -13,33 +16,34 @@ jobs: COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN }} COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }} GITHUB_TOKEN: ${{ github.token }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} MARKDOWN2HTML_MAVEN_PLUGIN_FAIL_ON_ERROR: true steps: - - name: 📄 Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + - name: 📄 Checkout the repository + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: fetch-depth: 0 - name: 🧱 Set up JDK and Maven - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: adopt java-version: 17 gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }} - - name: 📝 Store project version + - name: 📝 Get the project version id: project_version run: echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT - name: 📝 Store cache key id: cache_key run: echo "cache_key=${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}" >> $GITHUB_OUTPUT - - name: 💾 Prepare Cache + - name: 💾 Prepare cache using cache key id: prepare-cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: | /home/runner/.m2 /home/runner/work key: ${{ steps.cache_key.outputs.cache_key }} - - name: 🔘 Generate settings.xml + - name: 🔘 Generate settings.xml for Maven uses: whelk-io/maven-settings-xml-action@9dc09b23833fa9aa7f27b63db287951856f3433d # v22 with: repositories: > @@ -88,8 +92,13 @@ jobs: ] - name: 🔘 Print settings.xml run: cat /home/runner/.m2/settings.xml - - name: 📦 Build with Maven - run: mvn --batch-mode clean package -P tests-with-weasyprint-docker + - name: 📦 Build with Maven for Pushes + if: github.event_name == 'push' + run: mvn --batch-mode clean package -P tests-with-weasyprint-docker sonar:sonar -Dsonar.branch.name=${{ github.head_ref }} + - name: 📦 Build with Maven for PRs + if: github.event_name == 'pull_request' + run: mvn --batch-mode clean package -P tests-with-weasyprint-docker sonar:sonar -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.pullrequest.branch=${{ github.head_ref }} + -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} outputs: project_version: ${{ steps.project_version.outputs.project_version }} cache_key: ${{ steps.cache_key.outputs.cache_key }} @@ -107,21 +116,21 @@ jobs: COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }} steps: - name: 🧱 Set up JDK and Maven - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: adopt java-version: 17 gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }} - - name: 💾 Restore Cache + - name: 💾 Restore cache using cache key id: restore-cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: | /home/runner/.m2 /home/runner/work key: ${{ needs.build.outputs.cache_key }} - - name: 📦 Publish to Maven Central - run: mvn --batch-mode -Dmaven.test.skip=true deploy -P gpg-sign -P nexus-staging + - name: 📦 Deploy artifacts to Maven Central + run: mvn --batch-mode deploy -P gpg-sign -P nexus-staging # Deploy release to GitHub Packages deploy-github-packages: @@ -137,20 +146,20 @@ jobs: GITHUB_TOKEN: ${{ github.token }} steps: - name: 🧱 Set up JDK and Maven - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: adopt java-version: 17 - - name: 💾 Restore Cache + - name: 💾 Restore cache using cache key id: restore-cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: | /home/runner/.m2 /home/runner/work key: ${{ needs.build.outputs.cache_key }} - - name: 📦 Publish to GitHub Packages - run: mvn --batch-mode -Dmaven.test.skip=true -Dmaven.javadoc.skip=true -Dmaven.source.skip=true deploy -P deploy-github-packages - - name: 📦 Upload assets + - name: 📦 Deploy artifacts to GitHub Packages + run: mvn --batch-mode -Dmaven.javadoc.skip=true -Dmaven.source.skip=true deploy -P deploy-github-packages + - name: 📦 Upload assets to GitHub Release run: |- gh release upload v${{ needs.build.outputs.project_version }} target/*-${{ needs.build.outputs.project_version }}.jar diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index da401b1..25e4fd1 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -10,14 +10,14 @@ jobs: name: Check commit messages runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} fetch-depth: 0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5 with: - cache: pip # caching pip dependencies + python-version: 3.x - run: pip install commitizen - name: Check commit messages run: cz check --rev-range origin/${GITHUB_BASE_REF}.. diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 32c85a1..57493be 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -12,7 +12,7 @@ jobs: steps: - name: release-please id: release - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4 + uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4 with: release-type: maven target-branch: main diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ff1c78e..7971b76 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,6 +9,8 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: + - id: check-added-large-files + - id: check-case-conflict - id: check-merge-conflict - id: trailing-whitespace - id: check-xml @@ -16,9 +18,22 @@ repos: - id: check-yaml - id: no-commit-to-branch - id: mixed-line-ending + - id: end-of-file-fixer - id: pretty-format-json args: [--autofix, --no-ensure-ascii, '--top-keys=openapi,info,servers,paths,components'] files: docs/openapi.json + - repo: local + hooks: + - id: sensitive-data-leak-urls + name: Sensitive data leak - URLs + entry: (?/data/workspace/.config` folder. +Stop Polarion. +Delete the `/data/workspace/.config` folder. Start Polarion. ## Configure PDF Exporter for Live Reports