fix(deps): update dependency org.owasp:dependency-check-gradle to v12… #4394
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- main | |
- release/* | |
workflow_dispatch: | |
jobs: | |
common: | |
uses: ./.github/workflows/build-common.yml | |
test-latest-deps: | |
# release branches are excluded | |
# because any time a new library version is released to maven central it can fail | |
# which requires unnecessary release branch maintenance, especially for patches | |
if: "!startsWith(github.ref_name, 'release/')" | |
uses: ./.github/workflows/reusable-test-latest-deps.yml | |
muzzle: | |
# release branches are excluded | |
# because any time a new library version is released to maven central it can fail | |
# which requires unnecessary release branch maintenance, especially for patches | |
if: "!startsWith(github.ref_name, 'release/')" | |
uses: ./.github/workflows/reusable-muzzle.yml | |
shell-script-check: | |
# release branches are excluded to avoid unnecessary maintenance if new shell checks are added | |
if: "!startsWith(github.ref_name, 'release/')" | |
uses: ./.github/workflows/reusable-shell-script-check.yml | |
markdown-link-check: | |
# release branches are excluded to avoid unnecessary maintenance if external links break | |
# (and also because the README.md javaagent download link has to be updated on release branches | |
# before the release download has been published) | |
if: "!startsWith(github.ref_name, 'release/')" | |
uses: ./.github/workflows/reusable-markdown-link-check.yml | |
markdown-lint-check: | |
# release branches are excluded | |
if: "!startsWith(github.ref_name, 'release/')" | |
uses: ./.github/workflows/reusable-markdown-lint-check.yml | |
misspell-check: | |
# release branches are excluded to avoid unnecessary maintenance if new misspellings are added | |
# to the misspell dictionary | |
if: "!startsWith(github.ref_name, 'release/')" | |
uses: ./.github/workflows/reusable-misspell-check.yml | |
publish-snapshots: | |
needs: | |
# intentionally not blocking snapshot publishing on test-latest-deps, muzzle, | |
# markdown-link-check, or misspell-check | |
- common | |
runs-on: ubuntu-latest | |
# skipping release branches because the versions in those branches are not snapshots | |
if: github.ref_name == 'main' && github.repository == 'open-telemetry/opentelemetry-java-instrumentation' | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Free disk space | |
run: .github/scripts/gha-free-disk-space.sh | |
- name: Set up JDK for running Gradle | |
uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
distribution: temurin | |
java-version-file: .java-version | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 | |
with: | |
# gradle enterprise is used for the build cache | |
gradle-home-cache-excludes: caches/build-cache-1 | |
- name: Build and publish artifact snapshots | |
env: | |
SONATYPE_USER: ${{ secrets.SONATYPE_USER }} | |
SONATYPE_KEY: ${{ secrets.SONATYPE_KEY }} | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }} | |
run: ./gradlew assemble spdxSbom publishToSonatype | |
- name: Build and publish gradle plugin snapshots | |
env: | |
SONATYPE_USER: ${{ secrets.SONATYPE_USER }} | |
SONATYPE_KEY: ${{ secrets.SONATYPE_KEY }} | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }} | |
run: ./gradlew build publishToSonatype | |
working-directory: gradle-plugins |