From 811f43d75c8c2dffc8b570a00e8b2f3ef92a4bbb Mon Sep 17 00:00:00 2001
From: Ulli Hafner <ullrich.hafner@gmail.com>
Date: Wed, 27 Nov 2024 11:11:23 +0100
Subject: [PATCH] Fix commit ID for CI.

---
 .github/workflows/quality-monitor.yml | 47 +++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/quality-monitor.yml b/.github/workflows/quality-monitor.yml
index b27513d..12c12cb 100644
--- a/.github/workflows/quality-monitor.yml
+++ b/.github/workflows/quality-monitor.yml
@@ -10,9 +10,12 @@ jobs:
     name: Build, test and monitor quality on Ubuntu
 
     steps:
+      - uses: actions/checkout@v4
+        if: github.event_name == 'push'
       - uses: actions/checkout@v4
         with:
-          ref: "refs/pull/${{ github.event.number }}/merge"
+          ref: "${{ github.event.pull_request.merge_commit_sha }}"
+        if: github.event_name == 'pull_request_target'
       - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
@@ -24,10 +27,16 @@ jobs:
         uses: stCarolas/setup-maven@v5
         with:
           maven-version: 3.9.9
+      - name: Cache the NVD database
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository/org/owasp/dependency-check-data
+          key: dependency-check
       - name: Build with Maven
         env:
           BROWSER: chrome-container
-        run: mvn -V --color always -ntp clean verify -Ppit -Pci | tee maven.log
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+        run: mvn -V --color always -ntp clean verify -Ppit -Pci -Powasp | tee maven.log
       - name: Extract pull request number
         uses: jwalton/gh-find-current-pr@v1
         id: pr
@@ -72,6 +81,21 @@ jobs:
                       "id": "spotbugs",
                       "sourcePath": "src/main/java",
                       "pattern": "**/target/spotbugsXml.xml"
+                    },
+                    {
+                      "id": "error-prone",
+                      "pattern": "**/maven.log"
+                    }
+                  ]
+                },
+                {
+                  "name": "Vulnerabilities",
+                  "id": "vulnerabilities",
+                  "icon": "shield",
+                  "tools": [
+                    {
+                      "id": "owasp-dependency-check",
+                      "pattern": "**/target/dependency-check-report.json"                    
                     }
                   ]
                 }
@@ -95,6 +119,25 @@ jobs:
                       "pattern": "**/target/site/jacoco/jacoco.xml"
                     }
                   ]
+                },
+                {
+                  "name": "Mutation Coverage",
+                  "tools": [
+                    {
+                      "id": "pit",
+                      "name": "Mutation Coverage",
+                      "metric": "mutation",
+                      "sourcePath": "src/main/java",
+                      "pattern": "**/target/pit-reports/mutations.xml"
+                    },
+                    {
+                      "id": "pit",
+                      "name": "Test Strength",
+                      "metric": "test-strength",
+                      "sourcePath": "src/main/java",
+                      "pattern": "**/target/pit-reports/mutations.xml"
+                    }
+                  ]
                 }
               ],
               "metrics":