.github/workflows/build.yaml

name: compliance check and build test

on: [push]

jobs:
  compliance:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Advance Security Policy as Code
        uses: advanced-security/policy-as-code@v2.5.0
        with:
          policy: GeekMasher/security-queries
          policy-path: $GITHUB_WORKSPACE/policies/default.yml

          token: ${{ secrets.ACCESS_TOKEN }}

          argvs: '--disable-dependabot --disable-secret-scanning --disable-code-scanning'

  build-maven:
    needs: compliance
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Inject slug/short variables
        uses: rlespinasse/github-slug-action@v4

      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          java-version: "21"
          distribution: "temurin"
          cache: "maven"

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: 18

      - name: Build with Maven
        run: mvn -B verify -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN