Skip to content

chore(deps): bump github/codeql-action from 3.27.6 to 3.27.8 #10319

chore(deps): bump github/codeql-action from 3.27.6 to 3.27.8

chore(deps): bump github/codeql-action from 3.27.6 to 3.27.8 #10319

Workflow file for this run

name: Build
on:
push:
branches:
- develop
pull_request:
branches:
- develop
types:
- opened
- reopened
- synchronize
- labeled
env:
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_CLI_OPTS: >-
--settings settings.xml
-V --no-transfer-progress -Dspring.main.banner-mode=off -Ddoclint=none
-Denvironment.host=${{ vars.ENVIRONMENT_HOST }}
-Denvironment.apa.host=${{ vars.ENVIRONMENT_APA_HOST }}
-Denvironment.application.name=${{ vars.ENVIRONMENT_APP }}
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }}
cancel-in-progress: true
jobs:
pre-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Check dependabot build
uses: Activiti/Activiti/.github/actions/check-ext-build@7700f0283a9ff5181581a350d2520e55c61c1c60 # 8.6.0
- name: pre-commit
uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
skip_checkout: true
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@5d6ac37a4cef8b8df67f482a8e384987766f0213 # v3.0.17
build:
runs-on: ubuntu-latest
needs:
- pre-checks
outputs:
version: ${{ steps.build-and-tag.outputs.version }}
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/maven-build-and-tag@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
id: build-and-tag
with:
upload-jars: 'true'
extra-maven-opts: -T 1C -DunitTests.parallel=true
maven-username: ${{ secrets.NEXUS_USERNAME }}
maven-password: ${{ secrets.NEXUS_PASSWORD }}
quay-username: ${{ secrets.QUAY_USERNAME }}
quay-password: ${{ secrets.QUAY_PASSWORD }}
docker-username: ${{ secrets.DOCKER_USERNAME }}
docker-password: ${{ secrets.DOCKER_PASSWORD }}
git-username: ${{ secrets.BOT_GITHUB_USERNAME }}
java-version: '21'
promote:
runs-on: ubuntu-latest
needs:
- build
if: github.event_name == 'push'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Extract version from branch name
id: extract_version
run: |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "Project version is $VERSION"
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Create GitHub tag
if: ${{ !endsWith(env.VERSION, 'SNAPSHOT') }}
env:
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
run: |
git tag ${{ env.VERSION }}
git push origin ${{ env.VERSION }}
- name: Create gh Release
if: ${{ !endsWith(env.VERSION, 'SNAPSHOT') }}
env:
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
run: |
gh release create ${VERSION} --title ${VERSION} --notes "Release ${VERSION}"
notify:
runs-on: ubuntu-latest
needs:
- promote
if: always() && failure() && github.event_name == 'push'
steps:
- name: Teams Notification
uses: Alfresco/alfresco-build-tools/.github/actions/send-teams-notification@43b8dd18f509dc920089cdf54269f13a5c02022d # v8.5.0
with:
webhook-url: ${{ secrets.TEAMS_NOTIFICATION_AUTOMATE_BACKEND_WEBHOOK }}