♻️ [CI] Aligned chaching of dependencies for Security Scan workflow

Signed-off-by: Alberto Codutti <[email protected]>

.github/workflows/security-scan.yaml

@@ -4,6 +4,7 @@ on:
     branches:
       - 'develop'
       - 'release-**'
+      - 'feat-improvedGitHubActionCaching'
 
 env:
   BUILD_OPTS: ""
@@ -14,22 +15,32 @@ jobs:
   owasp-dependency-check:
     name: Owasp Dependency Check
     runs-on: ubuntu-latest
+    timeout-minutes: 45
     steps:
-      - uses: actions/checkout@v4 # Checks out a copy of the repository on the ubuntu-latest machine
-      - uses: actions/setup-java@v4
+      - name: Clones Kapua repo inside the runner
+        uses: actions/checkout@v4
+
+      - name: Setup Java 11
+        uses: actions/setup-java@v4
         with:
           distribution: 'zulu'
           java-version: 11
-          cache: 'maven'
-      - uses: actions/setup-node@v4 # Installs Node and NPM
+
+      - name: Setup Node 16
+        uses: actions/setup-node@v4 # Installs Node and NPM
         with:
           node-version: 16
+
       - name: Install Swagger CLI # Installs Swagger CLI to bundle OpenAPI files
         run: 'npm install -g @apidevtools/swagger-cli'
-      - uses: actions/cache@v4 # Cache local Maven repository to reuse dependencies
+        shell: bash
+
+      - name: Cache Maven repository - External dependencies # Cache of external Maven dependencies to speed up build time
+        id: cache-maven-external-deps
+        uses: actions/cache@v4
         with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-      - run: mvn -B ${BUILD_OPTS} -DskipTests -Psecurity-scan verify
+          path: ~/.m2/repository/
+          key: ${{ runner.os }}-maven-develop-dependencies
+
+      - name: Run Owasp Security Scan
+        run: mvn -B ${BUILD_OPTS} -DskipTests -Psecurity-scan verify