diff options
| author | Kathrin <155988774+kathrin-7978@users.noreply.github.com> | 2026-04-22 08:16:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-04-22 08:16:12 +0200 |
| commit | 3901740beba6b2673246b1171c12f908f8a359bb (patch) | |
| tree | 1765525163f58f7b0fed2f87eafa492f401d5c8b | |
| parent | f02ecf0235cb17c90e9d1d8c155bd64e729fa46e (diff) | |
| download | pdf-as-4-3901740beba6b2673246b1171c12f908f8a359bb.tar.gz pdf-as-4-3901740beba6b2673246b1171c12f908f8a359bb.tar.bz2 pdf-as-4-3901740beba6b2673246b1171c12f908f8a359bb.zip | |
Fix/ci tools (#85)
* fix(ci): clean up to avoid multiple test reports
* differentiate between verified and unverified secrets
* fail secret detection only in case of verified secrets
* refactoring and replace legacy uploadArchives with modern Maven publishing
| -rw-r--r-- | .github/workflows/build.yml | 37 | ||||
| -rw-r--r-- | README.md | 2 |
2 files changed, 14 insertions, 25 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 147cad55..b3341273 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,18 +36,10 @@ jobs: uses: actions/checkout@v4 with: path: ${{ env.REPO_PATH }} - fetch-depth: 2 + fetch-depth: 0 - - name: Install jq (local) - run: | - command -v jq >/dev/null || { - mkdir -p "$HOME/.local/bin" - curl -fsSL -o "$HOME/.local/bin/jq" https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 - chmod +x "$HOME/.local/bin/jq" - echo "$HOME/.local/bin" >> "$GITHUB_PATH" - export PATH="$HOME/.local/bin:$PATH" - } - jq --version + - name: Install jq + uses: dcarbone/install-jq-action@v3 - name: Dependency Scanning (OWASP Dependency-Check) uses: dependency-check/Dependency-Check_Action@main @@ -69,6 +61,7 @@ jobs: uses: trufflesecurity/trufflehog@v3.94.3 with: path: ${{ env.REPO_PATH }} + extra_args: --results=verified build-and-analyse: name: Build & Quality Checks @@ -83,6 +76,12 @@ jobs: working-directory: ${{ env.REPO_PATH }} steps: + - name: Clean old run folders + working-directory: ${{ github.workspace }} + run: | + set -euo pipefail + find . -maxdepth 1 -type d -name 'repo-*-*' -print -exec rm -rf {} + + - name: Checkout uses: actions/checkout@v4 with: @@ -162,7 +161,6 @@ jobs: runs-on: [self-hosted, linux] needs: build-and-analyse if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} - environment: release env: REPO_PATH: repo-${{ github.run_id }}-${{ github.job }} @@ -181,9 +179,7 @@ jobs: with: distribution: temurin java-version: 17 - - - name: Set SHORT_SHA - run: echo "SHORT_SHA=${GITHUB_SHA:0:8}" >> "$GITHUB_ENV" + cache: gradle - name: Setup SSH known_hosts env: @@ -193,12 +189,5 @@ jobs: echo $DEPLOY_EGIZ | base64 --decode > ~/.ssh/known_hosts chmod 644 ~/.ssh/known_hosts - - name: Assemble & Upload Archives - run: ./gradlew --stacktrace -x test assemble uploadArchives - - - name: Upload variables.env - uses: actions/upload-artifact@v4 - if: always() - with: - name: ${{ github.event.repository.name }}-${{ env.SHORT_SHA }} - path: ${{ env.REPO_PATH }}/variables.env
\ No newline at end of file + - name: Build and Publish + run: ./gradlew --stacktrace -x test publish
\ No newline at end of file @@ -20,7 +20,7 @@ Release folder needs to be uploaded to https://apps.egiz.gv.at/releases/pdf-as/r Create mvn repo folder by running: -`./gradlew uploadArchives` +`./gradlew publish` The generated mvn repo needs to be uploaded to https://apps.egiz.gv.at/maven/at/gv/egiz/pdfas/ |