
feat: add trivy + codeQL vulnerability check #1


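name: Check
on:
  pull_request:
    branches:
      # '**' matches every base branch, including names that contain '/'
      # (a bare '*' does not cross '/', so e.g. release/1.x would be skipped,
      # contradicting the "all branches" intent)
      - '**'
  # also run the workflow manually, e.g. to refresh the dependency cache
  workflow_dispatch: {}
  schedule:
    # roughly every 4-6 days: 00:00 UTC on the listed days of the month
    - cron: '0 0 2,6,10,16,22,28 * *'
# env:
#   instead of embedded Maven use local Maven CLI
#   HALE_BUILD_MAVEN_EMBEDDED: 'false'

# Least privilege for GITHUB_TOKEN: building and testing only need to read
# the repository. action-junit-report runs in annotate_only mode, which (per
# the workaround note below) creates no separate check run, so no write
# scope should be required. If annotations stop appearing after a bump of
# that action, re-check its documented permission needs before widening this.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Setup Maven
        # Pinned to a full commit SHA rather than a mutable tag so the action
        # cannot be replaced underneath us; bump the SHA and the trailing
        # version comment together.
        uses: s4u/setup-maven-action@6d44c18d67d9e1549907b8815efa5e4dada1801b # v1.12.0
        with:
          # quoted so YAML never re-types the version
          java-version: '17'
          java-distribution: temurin
          maven-version: '3.9.6'
      - name: Clean
        run: ./build.sh clean
        working-directory: ./build
      - name: Test
        run: ./build.sh commitStage
        working-directory: ./build
      - name: Publish Test Report
        uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
        if: always() # always run even if the previous step fails
        with:
          # fail if there are no test results
          require_tests: true
          # Workaround for check that is additionally created being associated
          # to the wrong workflow/run. Instead no additional check is created.
          # See https://github.com/mikepenz/action-junit-report/issues/40
          annotate_only: true
          detailed_summary: true
          report_paths: 'build/target/testReports/*.xml'
          # TODO archive logs?
          # build/target/testReports/*.out,build/target/testReports/*.err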