steps:
# Harden the runner used by this workflow
# yamllint disable-line rule:line-length
- - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+ - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
with:
egress-policy: audit
- name: Notify job start
# yamllint disable-line rule:line-length
- uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
+ uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9
with:
host: ${{ vars.GERRIT_SERVER }}
username: ${{ vars.GERRIT_SSH_USER }}
steps:
# Harden the runner used by this workflow
# yamllint disable-line rule:line-length
- - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+ - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
with:
egress-policy: audit
+ # yamllint disable-line rule:line-length
+ - uses: lfreleng-actions/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
+ with:
+ gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
+ gerrit-url: ${{ vars.GERRIT_URL }}
+ delay: "0s"
+
+ - name: 'Extract project name from .gitreview'
+ id: extract-project
+ run: |
+ if [ -f .gitreview ]; then
+ PROJECT_NAME=$(grep '^project=' .gitreview | cut -d'=' -f2 | sed 's/\.git$//' | tr '/' '-')
+ echo "project-name=${PROJECT_NAME}" >> $GITHUB_OUTPUT
+ echo "Detected project: ${PROJECT_NAME}"
+ else
+ echo "Error: .gitreview file not found"
+ exit 1
+ fi
+
- name: Load secret from 1Password
uses: 1password/load-secrets-action@13f58eec611f8e5db52ec16247f58c508398f3e6 # v3.0.0
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
- NEXUS_PASSWORD: op://elnqtgip7eqavqvgodjbiiaqd4/ccsdk-apps/password
+ NEXUS_PASSWORD: op://elnqtgip7eqavqvgodjbiiaqd4/${{ steps.extract-project.outputs.project-name }}/password
- name: 'Output SHA1 sum of password'
env:
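Review bot: The `project-name` output is parsed from the `.gitreview` of the checked-out Gerrit change and then interpolated into the secret reference `op://elnqtgip7eqavqvgodjbiiaqd4/${{ steps.extract-project.outputs.project-name }}/password`, so the content of the change under review decides which vault item is loaded. Nothing validates the value, and because `grep '^project='` can return more than one line, `echo "project-name=${PROJECT_NAME}" >> $GITHUB_OUTPUT` can also write extra output keys. I would reject anything outside the expected character set before writing the output, e.g. `case "$PROJECT_NAME" in ''|*[!A-Za-z0-9._-]*) echo "Error: unexpected project name"; exit 1;; esac`, and quote the target as `"$GITHUB_OUTPUT"`. The same extraction is repeated in the 'Generate Maven global settings' step further down, where it feeds `<username>`; reusing the validated step output there would keep a single checked source for the name.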
VALUE_SHA1=$(echo -n "$NEXUS_PASSWORD" | sha1sum | awk '{print $1}')
echo "SHA1 sum of NEXUS_PASSWORD is: $VALUE_SHA1"
- # yamllint disable-line rule:line-length
- - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
-
- - name: 'Setup JDK'
- # yamllint disable-line rule:line-length
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
- with:
- java-version: '17'
- distribution: 'temurin'
-
- - name: 'Setup Maven'
- # yamllint disable-line rule:line-length
- uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
- with:
- java-version: '17'
- maven-version: '3.8.2'
-
- - name: Create Maven global settings.xml
+ - name: 'Generate Maven global settings'
+ id: create-settings
env:
- NEXUS_PASSWORD: $NEXUS_PASSWORD
+ NEXUS_PASSWORD: ${{ env.NEXUS_PASSWORD }}
run: |
- cat > global-settings.xml << 'EOF'
+ # Extract project name from .gitreview file
+ if [ -f .gitreview ]; then
+ PROJECT_NAME=$(grep '^project=' .gitreview | cut -d'=' -f2 | sed 's/\.git$//' | tr '/' '-')
+ echo "Detected project: ${PROJECT_NAME}"
+ else
+ echo "Error: .gitreview file not found"
+ exit 1
+ fi
+
+ cat > global-settings.xml << EOF
<settings>
<servers>
<server>
<id>ecomp-releases</id>
- <username>cps</username>
+ <username>${PROJECT_NAME}</username>
<password>${NEXUS_PASSWORD}</password>
</server>
<server>
<id>ecomp-snapshots</id>
- <username>cps</username>
+ <username>${PROJECT_NAME}</username>
<password>${NEXUS_PASSWORD}</password>
</server>
<server>
<id>onap-releases</id>
- <username>cps</username>
+ <username>${PROJECT_NAME}</username>
<password>${NEXUS_PASSWORD}</password>
</server>
<server>
<id>onap-snapshots</id>
- <username>cps</username>
+ <username>${PROJECT_NAME}</username>
<password>${NEXUS_PASSWORD}</password>
</server>
<server>
<id>nexus3.onap.org:10003</id>
- <username>cps</username>
+ <username>${PROJECT_NAME}</username>
<password>${NEXUS_PASSWORD}</password>
</server>
</servers>
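Review bot: The unquoted `<< EOF` heredoc now expands `${NEXUS_PASSWORD}` into global-settings.xml in cleartext, and the end of this step (the `settings-content<<SETTINGS_EOF` block, which lies past this hunk) copies the whole file into a step output. The credential then travels as an output and an action input, so its protection depends on the value being masked in logs. Maven interpolates environment references in settings.xml, so writing `<password>\${env.NEXUS_PASSWORD}</password>` would keep the secret out of both the file and the output, provided the build action passes the job environment through to mvn (not visible here). The unchanged 'Output SHA1 sum of password' step above also prints an unsalted digest of the same credential to the log and could be dropped.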
</activeProfiles>
</settings>
EOF
+ {
+ echo 'settings-content<<SETTINGS_EOF'
+ cat global-settings.xml
+ echo 'SETTINGS_EOF'
+ } >> $GITHUB_OUTPUT
- name: 'Build with Maven'
- # When scanning Java code, the build should be completed beforehand
- run: |
- echo "Maven build starting with global settings"
- cat global-settings.xml
- mvn -B clean package -DskipTests \
- --global-settings global-settings.xml \
- -Ddocker.push.registry=nexus3.onap.org:10003 \
- -Ddocker.pull.registry=nexus3.onap.org:10003 \
- -DaltDeploymentRepository=staging::default::file:"${GITHUB_WORKSPACE}"/m2repo \
- -Dmaven.repo.local=/tmp/r \
- -Dorg.ops4j.pax.url.mvn.localRepository=/tmp/r \
- -Djib.skip=true \
- -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
+ # yamllint disable-line rule:line-length
+ uses: lfreleng-actions/maven-build-action@main
+ with:
+ jdk-version: '17'
+ distribution: 'temurin'
+ mvn-version: '3.8.2'
+ mvn-phases: 'clean package'
+ mvn-params: '-DskipTests -Djib.skip=true'
+ # yamllint disable-line rule:line-length
+ mvn-opts: '-Ddocker.push.registry=nexus3.onap.org:10003 -Ddocker.pull.registry=nexus3.onap.org:10003 -Dmaven.repo.local=/tmp/r -Dorg.ops4j.pax.url.mvn.localRepository=/tmp/r -DaltDeploymentRepository=staging::default::file:"${GITHUB_WORKSPACE}"/m2repo -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn'
+ global-settings: |
+ ${{ steps.create-settings.outputs.settings-content }}
+ run-jacoco: 'false'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- NEXUS_PASSWORD: $NEXUS_PASSWORD
- name: 'Create CBOM'
# yamllint disable-line rule:line-length
- uses: PQCA/cbomkit-action@a13ffe2a31c50dcc222ecc49d79897f5acff6d14 # v2.1.0
+ uses: PQCA/cbomkit-action@fe04ae510fe80fcfa7d145859fcba8e5dbd0b649 # v2.1.2
id: cbom
env:
CBOMKIT_LANGUAGES: java, python # or java or python
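Review bot: `uses: lfreleng-actions/maven-build-action@main` in the 'Build with Maven' step tracks a mutable branch, while every other action in this workflow is pinned to a full commit SHA with a version comment. That step receives the generated settings with the Nexus credentials through `global-settings` and has `GITHUB_TOKEN` in its environment, so any later push to that branch would run with those secrets without a review in this repository. Pin it like the others, `uses: lfreleng-actions/maven-build-action@<full-commit-sha> # <release-tag>`, and let the dependency bot propose bumps. Note that harden-runner is set to `egress-policy: audit`, which records unexpected egress from this step but does not block it.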
- name: 'Commit changes to new branch'
# Allows persisting the CBOMs after job completion and
# sharing them with another job in the same workflow.
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: 'CBOM'
path: ${{ steps.cbom.outputs.pattern }}
steps:
# Harden the runner used by this workflow
# yamllint disable-line rule:line-length
- - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+ - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
with:
egress-policy: audit
- name: Report workflow conclusion
# yamllint disable-line rule:line-length
- uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8
+ uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9
with:
host: ${{ vars.GERRIT_SERVER }}
username: ${{ vars.GERRIT_SSH_USER }}
known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
- vote-type: ${{ env.WORKFLOW_CONCLUSION }}
+ vote-type: ${{ env.WORKFLOW_CONCLUSION }}
\ No newline at end of file