build(deps): bump step-security/harden-runner from 2.6.0 to 2.6.1 (#695) #2534
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: main | |
pull_request: | |
branches: main | |
schedule: | |
- cron: '0 16 * * *' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
build: | |
if: ${{ github.repository_owner == 'ihub-pub' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 | |
with: | |
arguments: build -x test --scan | |
project-matrix: | |
if: ${{ github.repository_owner == 'ihub-pub' }} | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.name.outputs.test }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- id: name | |
name: Project Name Matrix | |
run: | | |
projects=() | |
for file in ./* | |
do | |
if [[ $file =~ "ihub-" ]] | |
then | |
projects[${#projects[@]}]=$(basename $file) | |
fi | |
done | |
p=$(IFS=,; echo "${projects[*]}") | |
p=${p//,/\",\"} | |
echo "test=[\"$p\"]" >> $GITHUB_OUTPUT | |
matrix-test: | |
runs-on: ubuntu-latest | |
needs: project-matrix | |
strategy: | |
matrix: | |
project_name: ${{ fromJson(needs.project-matrix.outputs.matrix) }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
if: ${{ matrix.project_name != 'ihub-plugins' }} | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Checkout ref main | |
if: ${{ matrix.project_name == 'ihub-plugins' }} | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: main | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Testspace Setup CLI | |
uses: testspace-com/setup-testspace@ee1482f978eb5010ec27b6f6372904f01f2edd68 # v1.0.6 | |
with: | |
domain: ${{ github.repository_owner }} | |
- name: Chmod | |
run: chmod +x ./gradlew | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 | |
with: | |
arguments: ${{ matrix.project_name }}:test -DiHubTest.failFast=true | |
- name: Upload Coverage Reports | |
if: ${{ github.repository_owner == 'ihub-pub' }} | |
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
- name: Publish Results to Testspace | |
run: testspace */build/test-results/test/*.xml */build/reports/*/test/*.xml | |
- name: Upload Test Result | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: ${{ matrix.project_name }}-test | |
path: | | |
*/build/reports/tests | |
retention-days: 1 | |
check: | |
runs-on: ubuntu-latest | |
needs: [ build, matrix-test ] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Check Status | |
run: echo "Check Status" |