Skip to content

Bump yogeshlonkar/trivy-cache-action from 0.1.9 to 0.1.10 #4666

Bump yogeshlonkar/trivy-cache-action from 0.1.9 to 0.1.10

Bump yogeshlonkar/trivy-cache-action from 0.1.9 to 0.1.10 #4666

Workflow file for this run

name: 'Ubuntu PostgreSQL build'
on:
push:
branches:
- 'master'
pull_request:
concurrency: # cancel on PR pushes
# More info: https://stackoverflow.com/a/68422069/253468
group: ${{ github.workflow }}-${{ ( github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' ) && format('ci-master-{0}', github.sha) || format('ci-master-{0}', github.ref) }}
cancel-in-progress: true
env:
MAVEN_OPTS: -Djava.awt.headless=true -Xms8G -Xmx12G -Dmaven.wagon.httpconnectionManager.ttlSeconds=25 -Dmaven.wagon.http.retryHandler.count=3 -Dtest.persistence.unit=brmo.persistence.postgresql
PGPASSWORD: postgres
PGUSER: postgres
PGDATABASE: postgres
MAVEN_VERSION: '3.9.9'
jobs:
build:
name: "Java ${{ matrix.java }} / PostGIS ${{ matrix.postgis }}"
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
java: [ 17 ]
java-dist: [ 'temurin' ]
# docker image tags from https://hub.docker.com/r/postgis/postgis/tags?page=1&ordering=last_updated
# zie ook https://www.postgresql.org/support/versioning/
postgis:
# t/m november 2025
- 13-3.5-alpine
# t/m november 2027
- 15-3.5-alpine
# t/m november 2028
- 16-3.5-alpine
# t/m november 2029
- 17-3.5-alpine
include:
- java: 21
java-dist: 'temurin'
postgis: 17-3.5-alpine
steps:
- uses: actions/checkout@v4
with:
lfs: true
- name: 'Cache test data'
uses: actions/cache@v4
with:
path: ~/downloads
key: downloads-${{ hashFiles('**/pom.xml') }}
restore-keys: |
downloads-
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
distribution: ${{ matrix.java-dist }}
java-version: ${{ matrix.java }}
cache: 'maven'
- name: 'Set up Maven'
uses: stCarolas/setup-maven@v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: 'Install extra software'
run: sudo apt install -y --no-install-recommends xmlstarlet
- name: 'Priming build'
run: |
mvn clean install -Dmaven.test.skip=true -Ddocker.skip=true -Dtest.onlyITs= -B -V -fae -Ppostgresql -DskipQA=true
projectversion=$(grep "<version>.*<.version>" -m1 pom.xml | sed -e "s/^.*<version/<version/" | cut -f2 -d">"| cut -f1 -d"<")
echo $projectversion
export PROJECTVERSION=$projectversion
sed -i s/\${project.version}/$projectversion/g ./brmo-persistence/db/create-brmo-persistence-postgresql.sql
sed -i s/\${project.version}/$projectversion/g ./datamodel/brk/brk2.0_postgresql.sql
- name: 'Set up PostgreSQL'
run: |
.build/ci/pgsql-start-docker.sh ${{ matrix.postgis }}
psql --version
psql -U postgres -h localhost -c 'SELECT version();'
.build/ci/pgsql-create-databases.sh
.build/ci/pgsql-setup.sh
- name: 'Prepare TopNL Data'
run: |
.build/ci/data-prepare-topnl.sh
- name: 'Test'
run: |
mvn -e test -B -Ppostgresql -pl '!brmo-dist' -Dtest.onlyITs=false -DskipQA=true
- name: 'Verify bag2-loader'
run: |
mvn -e verify -B -Ppostgresql -T1 -Dtest.onlyITs=true -pl 'bag2-loader' -DskipQA=true
.build/ci/pgsql-setup-bag2_views.sh
mvn resources:testResources compiler:testCompile surefire:test -Ppostgresql -pl datamodel -Dtest='!*UpgradeTest' -DskipQA=true
- name: 'Verify bgt-loader'
run: mvn -e verify -B -Ppostgresql -T1 -Dtest.onlyITs=true -pl 'bgt-loader' -DskipQA=true
- name: 'Verify brmo-loader'
run: mvn -e verify -B -Ppostgresql -Dtest.onlyITs=true -pl 'brmo-loader' -DskipQA=true
- name: 'Verify brmo-service'
run: mvn -e verify -B -Ppostgresql -Dtest.onlyITs=true -pl 'brmo-service' -DskipQA=true
- name: 'Verify brmo-stufbg204'
run: mvn -e verify -B -Ppostgresql -Dtest.onlyITs=true -pl 'brmo-stufbg204' -DskipQA=true
- name: 'Verify brmo-commandline'
run: mvn -e verify -B -Ppostgresql -Dtest.onlyITs=true -pl 'brmo-commandline' -DskipQA=true
- name: 'Verify nhr-loader'
run: mvn -e verify -B -Ppostgresql -Dtest.onlyITs=true -pl 'nhr-loader' -DskipQA=true
- name: 'Upload coverage to Codecov'
uses: codecov/codecov-action@v5
with:
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}
javadoc:
name: 'JavaDoc Check'
runs-on: ubuntu-latest
needs: qacheck
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
lfs: false
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
cache: 'maven'
- name: 'Set up Maven'
uses: stCarolas/setup-maven@v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: 'Javadoc'
run: mvn compile javadoc:javadoc -DskipQA=true
- name: 'Test Javadoc'
run: mvn test-compile javadoc:test-javadoc -DskipQA=true
dependency-review:
name: 'Dependency Review'
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
with:
lfs: false
- name: 'Dependency Review'
uses: actions/dependency-review-action@v4
qacheck:
name: 'QA checks'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
lfs: false
- name: 'Set up JDK'
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'temurin'
cache: 'maven'
- name: 'Set up Maven'
uses: stCarolas/setup-maven@v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: 'QA build with Maven'
run: mvn -B -V -fae -DskipQA=false -Dfmt.action=check -Dpom.fmt.action=verify -Ddocker.skip=true -Dtest.onlyITs= -Dmaven.test.skip=true clean package
deploy:
name: 'Deploy docker images'
if: ${{ github.repository == 'B3Partners/brmo' && github.ref == 'refs/heads/master' && github.event_name == 'push' }}
needs: [ build, qacheck ]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
with:
lfs: false
- name: 'Set up JDK (ghcr.io)'
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: 'maven'
server-id: 'ghcr.io'
server-username: GITHUB_ACTOR
server-password: GITHUB_TOKEN
- name: 'Set up Maven'
uses: stCarolas/setup-maven@v5
with:
maven-version: ${{ env.MAVEN_VERSION }}
- name: 'Build and Push docker images'
env:
GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mvn -pl docker,datamodel -am -Dmaven.test.skip=true -Dtest.onlyITs= -B -V -fae -DskipQA=true -Ddocker.skip=true install
mvn -pl docker -Dmaven.test.skip=true -Dtest.onlyITs= -B -V -fae -DskipQA=true deploy
- name: 'Deploy brmo-service SBOM'
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverhostname: ${{ secrets.DEPENDENCY_TRACK_HOSTNAME }}
apikey: ${{ secrets.DEPENDENCY_TRACK_APIKEY }}
project: 'ae922e6c-e182-46c4-b3fe-272eaeee6d9c'
bomfilename: 'brmo-service/target/bom.xml'
- name: 'Deploy brmo-stufbg204 SBOM'
uses: DependencyTrack/gh-upload-sbom@v3
with:
serverhostname: ${{ secrets.DEPENDENCY_TRACK_HOSTNAME }}
apikey: ${{ secrets.DEPENDENCY_TRACK_APIKEY }}
project: '72254d7c-c584-4821-b1e7-c806ebcd967e'
bomfilename: 'brmo-stufbg204/target/bom.xml'
- name: 'Set up JDK (repo.b3p.nl)'
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: 'maven'
server-id: 'repo.b3p.nl'
server-username: B3P_DEPLOY_ACTOR
server-password: B3P_DEPLOY_TOKEN
- name: 'Deploy Maven artifacts'
env:
B3P_DEPLOY_ACTOR: ${{ secrets.B3P_DEPLOY_ACTOR }}
B3P_DEPLOY_TOKEN: ${{ secrets.B3P_DEPLOY_TOKEN }}
run: |
mvn -Ddocker.skip=true -Dmaven.test.skip=true -Dtest.onlyITs= -B -V -fae -DskipQA=true deploy
cleanup:
name: 'Maven cache cleanup'
if: ${{ always() }}
needs: [ build, javadoc, qacheck ]
runs-on: ubuntu-latest
steps:
- uses: actions/cache@v4
with:
path: ~/.m2/repository
key: maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
maven-
- name: 'Cleanup snapshot cache'
run: |
find ~/.m2/repository -name "*SNAPSHOT*" -type d | xargs rm -rf {}