-
Notifications
You must be signed in to change notification settings - Fork 22
107 lines (89 loc) · 3.37 KB
/
code-qualitiy.yml
File metadata and controls
107 lines (89 loc) · 3.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: Maven test
on:
workflow_dispatch:
pull_request:
permissions:
id-token: write
contents: read
jobs:
maven-quality:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
oss.sonatype.org:443
maven.artifacts.atlassian.com:443
packages.atlassian.com:443
release-assets.githubusercontent.com:443
repo.maven.apache.org:443
repo.spring.io:443
tuf-repo-cdn.sigstore.dev:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
- name: Checkout repostiory
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Verify action checksums
uses: chains-project/maven-lockfile/.github/actions/ghasum@3ddcf33c03217482c614440fd714375e9053e732 # 5.16.0
- name: Set up JDK 17
uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: '17'
distribution: 'temurin'
- name: mvn clean verify
run: mvn clean verify
- name: Build with Maven
run: mvn --batch-mode --update-snapshots clean package
- name: Run doc check
run: mvn org.apache.maven.plugins:maven-javadoc-plugin:3.5.0:jar
- name: Run spotless check
run: mvn spotless:check
- name: Check maven pom quality
run: mvn org.kordamp.maven:pomchecker-maven-plugin:1.9.0:check-maven-central -D"checker.release=false"
reproducibility:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ${{ github.workspace }}/maven_plugin
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
fulcio.sigstore.dev:443
github.com:443
maven.artifacts.atlassian.com:443
objects.githubusercontent.com:443
oss.sonatype.org:443
packages.atlassian.com:443
rekor.sigstore.dev:443
release-assets.githubusercontent.com:443
repo.maven.apache.org:443
repo.spring.io:443
tuf-repo-cdn.sigstore.dev:443
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Verify action checksums
uses: chains-project/maven-lockfile/.github/actions/ghasum@3ddcf33c03217482c614440fd714375e9053e732 # 5.16.0
- name: Set up JDK 17
uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: '17'
distribution: 'temurin'
- name: First build
run: mvn --batch-mode --update-snapshots clean package -DskipTests
- name: Save checksums of first build
run: sha256sum target/*.jar > /tmp/checksums.txt
- name: Rebuild
run: mvn --batch-mode clean package -DskipTests
- name: Compare JARs from both builds
run: sha256sum -c /tmp/checksums.txt