Bump the gradle-updates group across 1 directory with 9 updates #48
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
| name: CI caab-api pr to main | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| types: [ closed ] | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| build-test-release: | |
| if: | | |
| github.event.pull_request.merged == true && !startsWith(github.event.pull_request.head.ref, 'dependabot/') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: main | |
| token: ${{ secrets.REPO_TOKEN }} | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '21' | |
| distribution: 'temurin' | |
| - name: Build with Gradle | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| with: | |
| arguments: build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Test | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| with: | |
| arguments: jacocoTestCoverageVerification | |
| - name: Integration Test | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| with: | |
| arguments: integrationTest --tests '*IntegrationTest' | |
| - name: Set to github user | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions Bot" | |
| - name: Update version | |
| uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 | |
| with: | |
| arguments: release -Prelease.useAutomaticVersion=true | |
| vulnerability-report: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| SNYK_ORG: legal-aid-agency | |
| SNYK_TEST_EXCLUDE: build,generated | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Generate Snyk report and upload to LAA Dashboard | |
| uses: snyk/actions/[email protected] | |
| continue-on-error: true | |
| with: | |
| command: monitor | |
| args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE | |
| - name: Generate sarif Snyk report | |
| uses: snyk/actions/[email protected] | |
| continue-on-error: true | |
| with: | |
| args: --org=$SNYK_ORG --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif | |
| - name: Fix undefined values | |
| run: | | |
| cat snyk-report.sarif | jq ' | |
| .runs[].tool[].rules[] | |
| |= ( | |
| if .properties["security-severity"] == "undefined" | |
| then .properties["security-severity"] = | |
| ( if .shortDescription.text | test("(?i)critical") then "9.0" | |
| elif .shortDescription.text | test("(?i)high") then "7.0" | |
| elif .shortDescription.text | test("(?i)medium") then "4.0" | |
| elif .shortDescription.text | test("(?i)low") then "0.1" | |
| else "" | |
| end | |
| ) | |
| else . | |
| end | |
| ) | |
| ' > snyk-report-cleansed.sarif | |
| - name: Upload result to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: snyk-report-cleansed.sarif |