Skip to content

Commit

Permalink
Update GitHub actions (#79)
Browse files Browse the repository at this point in the history 
* Bump version of github actions to v4

* code-quality.yml: Update maven sonar plugin location

* Bump maven dependency-check version to use environment variable NVD API key

* maven dependency-check: Use cached vulnerability database to improve performance

* Update dependencies: dependency-checker, CmpRaComponent

* Fix NVD API key usage
  • Loading branch information
@kiron-mx
kiron-mx authored Jul 10, 2024
1 parent acffb4b commit e8fb6b4
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 17 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/code-format.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
Expand Down
20 changes: 9 additions & 11 deletions .github/workflows/code-quality.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,22 +15,22 @@ jobs:
name: Run unit tests and Sonar analysis
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'temurin'
- name: Cache SonarCloud packages
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
Expand All @@ -42,28 +42,26 @@ jobs:
# note that we deliberately turn off the OWASP dependency checker here, it will run in a separate job,
# such that its results can be viewed independently of what Sonar has to say
run: |
mvn -B verify sonar:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true
mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true
analyze_dependencies_owasp:
name: Check dependencies with OWASP
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
- name: Cache Maven packages
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Analyze dependencies
env:
NVD_API_KEY: ${{ secrets.NVD_TOKEN }}
# this will run the OWASP dependency checker only
run: mvn -B verify -DskipTests
run: mvn -B verify -DskipTests -DnvdApiKey=${{ secrets.NVD_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/licence-compliance.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
Expand Down
4 changes: 2 additions & 2 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>9.0.9</version>
<version>10.0.2</version>
<executions>
<execution>
<goals>
Expand Down Expand Up @@ -172,7 +172,7 @@
<dependency>
<groupId>com.siemens.pki</groupId>
<artifactId>CmpRaComponent</artifactId>
<version>4.1.4</version>
<version>4.1.3</version>
</dependency>
<dependency>
<groupId>jakarta.xml.bind</groupId>
Expand Down

0 comments on commit e8fb6b4

Please sign in to comment.