From 3901740beba6b2673246b1171c12f908f8a359bb Mon Sep 17 00:00:00 2001 From: Kathrin <155988774+kathrin-7978@users.noreply.github.com> Date: Wed, 22 Apr 2026 08:16:12 +0200 Subject: Fix/ci tools (#85) * fix(ci): clean up to avoid multiple test reports * differentiate between verified and unverified secrets * fail secret detection only in case of verified secrets * refactoring and replace legacy uploadArchives with modern Maven publishing --- .github/workflows/build.yml | 37 +++++++++++++------------------------ README.md | 2 +- 2 files changed, 14 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 147cad55..b3341273 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,18 +36,10 @@ jobs: uses: actions/checkout@v4 with: path: ${{ env.REPO_PATH }} - fetch-depth: 2 + fetch-depth: 0 - - name: Install jq (local) - run: | - command -v jq >/dev/null || { - mkdir -p "$HOME/.local/bin" - curl -fsSL -o "$HOME/.local/bin/jq" https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 - chmod +x "$HOME/.local/bin/jq" - echo "$HOME/.local/bin" >> "$GITHUB_PATH" - export PATH="$HOME/.local/bin:$PATH" - } - jq --version + - name: Install jq + uses: dcarbone/install-jq-action@v3 - name: Dependency Scanning (OWASP Dependency-Check) uses: dependency-check/Dependency-Check_Action@main @@ -69,6 +61,7 @@ jobs: uses: trufflesecurity/trufflehog@v3.94.3 with: path: ${{ env.REPO_PATH }} + extra_args: --results=verified build-and-analyse: name: Build & Quality Checks @@ -83,6 +76,12 @@ jobs: working-directory: ${{ env.REPO_PATH }} steps: + - name: Clean old run folders + working-directory: ${{ github.workspace }} + run: | + set -euo pipefail + find . -maxdepth 1 -type d -name 'repo-*-*' -print -exec rm -rf {} + + - name: Checkout uses: actions/checkout@v4 with: @@ -162,7 +161,6 @@ jobs: runs-on: [self-hosted, linux] needs: build-and-analyse if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} - environment: release env: REPO_PATH: repo-${{ github.run_id }}-${{ github.job }} @@ -181,9 +179,7 @@ jobs: with: distribution: temurin java-version: 17 - - - name: Set SHORT_SHA - run: echo "SHORT_SHA=${GITHUB_SHA:0:8}" >> "$GITHUB_ENV" + cache: gradle - name: Setup SSH known_hosts env: @@ -193,12 +189,5 @@ jobs: echo $DEPLOY_EGIZ | base64 --decode > ~/.ssh/known_hosts chmod 644 ~/.ssh/known_hosts - - name: Assemble & Upload Archives - run: ./gradlew --stacktrace -x test assemble uploadArchives - - - name: Upload variables.env - uses: actions/upload-artifact@v4 - if: always() - with: - name: ${{ github.event.repository.name }}-${{ env.SHORT_SHA }} - path: ${{ env.REPO_PATH }}/variables.env \ No newline at end of file + - name: Build and Publish + run: ./gradlew --stacktrace -x test publish \ No newline at end of file diff --git a/README.md b/README.md index 245f2746..941fc4f3 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Release folder needs to be uploaded to https://apps.egiz.gv.at/releases/pdf-as/r Create mvn repo folder by running: -`./gradlew uploadArchives` +`./gradlew publish` The generated mvn repo needs to be uploaded to https://apps.egiz.gv.at/maven/at/gv/egiz/pdfas/ -- cgit v1.2.3