java-workflow/.github/workflows/maven-library-build.yml

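name: Maven Build Artifact

# Reusable workflow (`workflow_call`): builds, verifies and SBOM-scans a Maven
# project. Every `inputs.*` value below is provided by the calling workflow, so
# treat it as caller-controlled data, not as a constant of this file.
on:
  workflow_call:
    inputs:
      java-version:
        description: 'Java version'
        required: false
        # Quoted so "17" stays a string rather than being re-typed as an int.
        default: "17"
        type: string
      java-distribution:
        description: 'Java distribution'
        required: false
        default: "temurin"
        type: string
      mvn-options:
        # Appended to the mvn command line of both the compile and verify
        # steps; empty by default so the steps run unchanged when unset.
        description: 'Additional maven options'
        required: false
        default: ""
        type: string
      mvn-args:
        # Appended after `clean verify` in the test-coverage job only.
        description: 'Additional maven args'
        required: false
        default: ""
        type: string

# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository, so the token inherited from the caller is reduced to read-only.
# A called workflow can only narrow the caller's permissions, never widen them.
permissions:
  contents: read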
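# Actions are referenced by mutable major tags (@v3). Pinning each `uses:` to a
# full commit SHA would make the supply chain reproducible; the SHAs are not
# recorded here, so that is left as a follow-up.
jobs:
  build:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          java-version: ${{ inputs.java-version }}
          distribution: ${{ inputs.java-distribution }}
          cache: 'maven'
      - name: Maven Compile
        # Caller-supplied options are handed over through the environment
        # instead of being expanded with ${{ }} inside the script: an
        # expression expanded into `run` is spliced into the shell source
        # before it executes, whereas an environment variable is only data to
        # bash. $MVN_OPTIONS is deliberately left unquoted so a value such as
        # "-DskipTests -Pci" is split into separate mvn arguments.
        env:
          MVN_OPTIONS: ${{ inputs.mvn-options }}
        run: |
          mvn \
            --no-transfer-progress \
            --batch-mode $MVN_OPTIONS \
            clean compile site
      - name: Upload SBOM
        # target/bom.json is expected to be produced by the project's own build
        # (presumably a CycloneDX plugin bound to one of the phases above —
        # TODO confirm); the step fails if the file is missing.
        uses: actions/upload-artifact@v3
        with:
          name: bom.json
          path: 'target/bom.json'

  test-coverage:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          java-version: ${{ inputs.java-version }}
          distribution: ${{ inputs.java-distribution }}
          cache: 'maven'
      - name: Maven Verify
        # Same pattern as the compile step: both inputs reach the shell only as
        # environment variables, never as text expanded into the script.
        env:
          MVN_OPTIONS: ${{ inputs.mvn-options }}
          MVN_ARGS: ${{ inputs.mvn-args }}
        run: |
          mvn \
            --no-transfer-progress \
            --batch-mode $MVN_OPTIONS \
            clean verify $MVN_ARGS
      - name: Upload code coverage
        # No token is passed; this relies on tokenless upload, which only works
        # for public repositories — TODO confirm for the calling repo.
        uses: codecov/codecov-action@v3

  scan:
    name: Scan with Trivy
    # Only runs once `build` has published the bom.json artifact.
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Trivy CLI
        # The .deb is fetched over HTTPS but its contents are not verified, so
        # a replaced release asset would be installed with sudo here.
        # TODO(review): compare the download against the checksum published
        # for v0.39.1 before `dpkg -i`, e.g.
        #   echo "<EXPECTED_SHA256>  trivy_0.39.1_Linux-64bit.deb" | sha256sum --check
        # (<EXPECTED_SHA256> is a placeholder to be filled from the release).
        run: |
          wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
          sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
      - uses: actions/download-artifact@v3
        with:
          name: bom.json
      - name: Run Trivy with SBOM
        # Fails the job (exit code 1) on any CRITICAL or HIGH finding in the
        # SBOM produced by the build job.
        run: trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json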