Skip to content

chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 #10233

chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6

chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 #10233

Workflow file for this run

name: Build
on:
push:
branches:
- develop
pull_request:
branches:
- develop
types:
- opened
- reopened
- synchronize
- labeled
env:
MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
MAVEN_CLI_OPTS: >-
--settings settings.xml
-V --no-transfer-progress -Dspring.main.banner-mode=off -Ddoclint=none
-Denvironment.host=${{ vars.ENVIRONMENT_HOST }}
-Denvironment.apa.host=${{ vars.ENVIRONMENT_APA_HOST }}
-Denvironment.application.name=${{ vars.ENVIRONMENT_APP }}
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name || github.run_id }}
cancel-in-progress: true
jobs:
pre-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Check dependabot build
uses: Activiti/Activiti/.github/actions/check-ext-build@7700f0283a9ff5181581a350d2520e55c61c1c60 # 8.6.0
- name: pre-commit
uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
with:
skip_checkout: true
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@38608ef4fb69adae7f1eac6eeb88e67b7d083bfd # v3.0.16
build:
runs-on: ubuntu-latest
needs:
- pre-checks
outputs:
version: ${{ steps.build-and-tag.outputs.version }}
steps:
- uses: Alfresco/alfresco-build-tools/.github/actions/maven-build-and-tag@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
id: build-and-tag
with:
upload-jars: 'true'
extra-maven-opts: -T 1C -DunitTests.parallel=true
maven-username: ${{ secrets.NEXUS_USERNAME }}
maven-password: ${{ secrets.NEXUS_PASSWORD }}
quay-username: ${{ secrets.QUAY_USERNAME }}
quay-password: ${{ secrets.QUAY_PASSWORD }}
docker-username: ${{ secrets.DOCKER_USERNAME }}
docker-password: ${{ secrets.DOCKER_PASSWORD }}
git-username: ${{ secrets.BOT_GITHUB_USERNAME }}
java-version: '21'
promote:
runs-on: ubuntu-latest
needs:
- build
if: github.event_name == 'push'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Extract version from branch name
id: extract_version
run: |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "Project version is $VERSION"
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Create GitHub tag
if: ${{ !endsWith(env.VERSION, 'SNAPSHOT') }}
env:
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
run: |
git tag ${{ env.VERSION }}
git push origin ${{ env.VERSION }}
- name: Create gh Release
if: ${{ !endsWith(env.VERSION, 'SNAPSHOT') }}
env:
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
run: |
gh release create ${VERSION} --title ${VERSION} --notes "Release ${VERSION}"
notify:
runs-on: ubuntu-latest
needs:
- promote
if: always() && failure() && github.event_name == 'push'
steps:
- name: Slack Notification
uses: Alfresco/alfresco-build-tools/.github/actions/send-slack-notification@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0
with:
channel-id: 'C03PE6U4MU1' # eng-hxp-studio-be-gh-notifs, to be renamed eng-automate-be-gh-notifs
token: ${{ secrets.SLACK_NOTIFICATION_BOT_TOKEN }}