-
Notifications
You must be signed in to change notification settings - Fork 7
188 lines (183 loc) · 6.72 KB
/
Copy pathjava_pr.yml
File metadata and controls
188 lines (183 loc) · 6.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
name: Java PR workflow
on:
workflow_call:
inputs:
bypass-checks:
type: boolean
default: false
description: Do not fail pipeline if checks failed
style-checks-enabled:
type: boolean
default: true
description: Enable style_checks
style-checks-bypassed:
type: boolean
default: false
description: Do not fail pipeline if style_checks failed
code-checks-enabled:
type: boolean
default: true
description: Enable code_checks
code-checks-bypassed:
type: boolean
default: false
description: Do not fail pipeline if code_checks failed
ort-enabled:
type: boolean
default: true
description: Enable ORT scanning
ort-bypassed:
type: boolean
default: false
description: Do not fail pipeline if ORT scan failed
ort-version:
type: string
default: "85.0.0" # HACK: pin ORT version due to java.util.NoSuchElementException in 85.1.0
description: ORT version to use
ort-config-repository:
type: string
default: "https://github.com/oss-review-toolkit/ort-config.git"
description: ORT config repository to use
ort-config-revision:
type: string
default: "5650fed55a20397b9abb9017a0c6bb674dc8481d"
description: ORT config revision to use
trivy-enabled:
type: boolean
default: true
description: Enable Trivy scanning
trivy-bypassed:
type: boolean
default: false
description: Do not fail pipeline if Trivy failed
trivy-severity:
type: string
default: "CRITICAL,HIGH"
description: Severities of vulnerabilities to fail the build
trivy-severity-for-sarif:
type: string
default: "CRITICAL,HIGH"
description: Severities of vulnerabilities in SARIF report
trivy-limit-severities-for-sarif:
type: boolean
default: true
description: By default SARIF format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to true and specify desired severities in the `trivy-severity-for-sarif` parameter
java-version:
type: string
default: "17"
description: Java version to use
java-distribution:
type: string
default: "temurin"
description: Java distribution to use
maximize-build-space:
type: boolean
default: false
description: Maximize build space by removing unwanted software
runs-on:
type: string
description: Overrides jobs runs-on settings (json-encoded list)
default: '["ubuntu-24.04"]'
platforms:
type: string
description: Docker build platforms
default: "linux/amd64"
jobs:
test:
uses: ./.github/workflows/java_test.yml
with:
bypass-checks: ${{ inputs.bypass-checks }}
style-checks-enabled: ${{ inputs.style-checks-enabled }}
style-checks-bypassed: ${{ inputs.style-checks-bypassed }}
code-checks-enabled: ${{ inputs.code-checks-enabled }}
code-checks-bypassed: ${{ inputs.code-checks-bypassed }}
ort-enabled: ${{ inputs.ort-enabled }}
ort-bypassed: ${{ inputs.ort-bypassed }}
ort-version: ${{ inputs.ort-version }}
ort-config-repository: ${{ inputs.ort-config-repository }}
ort-config-revision: ${{ inputs.ort-config-revision }}
java-version: ${{ inputs.java-version }}
java-distribution: ${{ inputs.java-distribution }}
runs-on: ${{ inputs.runs-on }}
dependency-graph:
# Do not submit dependencies on private repos - GitHub Advanced Security is not enabled
if: ${{ !github.event.repository.private }}
runs-on: ${{ fromJSON(inputs.runs-on) }}
permissions:
contents: read
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
lfs: true
- uses: epam/ai-dial-ci/actions/java_prepare@4.7.2
with:
java-version: ${{ inputs.java-version }}
java-distribution: ${{ inputs.java-distribution }}
- uses: gradle/actions/dependency-submission@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1
with:
dependency-graph: generate-and-upload
artifact-retention-days: 1
env:
GPR_USERNAME: ${{ github.actor }}
GPR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
build:
runs-on: ${{ fromJSON(inputs.runs-on) }}
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
lfs: true
- uses: epam/ai-dial-ci/actions/java_prepare@4.7.2
with:
java-version: ${{ inputs.java-version }}
java-distribution: ${{ inputs.java-distribution }}
build-scan-publish: true
- run: ./gradlew build -x test
env:
GPR_USERNAME: ${{ github.actor }}
GPR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
docker_build:
runs-on: ${{ fromJSON(inputs.runs-on) }}
steps:
- name: Maximize build space
uses: nepalevov/maximize-build-space@046c48361370e2f3fa758bd2f10c6ce29109ef62 # v1.1.0
if: ${{ inputs.maximize-build-space }}
with:
remove-dotnet: "true"
remove-android: "true"
remove-haskell: "true"
remove-codeql: "true"
remove-large-packages: "true"
remove-cached-tools: "true"
remove-swapfile: "true"
remove-java: "true"
remove-swift: "true"
remove-julia: "true"
remove-browsers: "true"
remove-cloud-tools: "true"
remove-kubernetes-tools: "true"
remove-powershell: "true"
remove-container-tools: "true"
remove-rust: "true"
remove-python: "true"
remove-node: "true"
remove-go: "true"
remove-ruby: "true"
docker-cleanup: "true"
set-tmpdir: "true"
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
lfs: true
- uses: epam/ai-dial-ci/actions/build_docker@4.7.2
with:
image-names: ghcr.io/${{ env.IMAGE_NAME }}
image-tags: test
trivy-enabled: ${{ inputs.trivy-enabled }}
bypass-checks: ${{ inputs.trivy-bypassed }}
trivy-severity: ${{ inputs.trivy-severity }}
trivy-severity-for-sarif: ${{ inputs.trivy-severity-for-sarif }}
trivy-limit-severities-for-sarif: ${{ inputs.trivy-limit-severities-for-sarif }}
gpr-username: ${{ github.actor }}
gpr-password: ${{ secrets.GITHUB_TOKEN }}
platforms: ${{ inputs.platforms }}
env:
IMAGE_NAME: ${{ github.repository }}