Adds SECURITY.md and scanning workflow #1055
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: test | |
# We don't test documentation-only commits. | |
on: # yamllint disable-line rule:truthy | |
push: # non-tagged pushes to master | |
branches: | |
- master | |
tags-ignore: | |
- '*' | |
paths-ignore: | |
- '**/*.md' | |
- './build-bin/*lint' | |
- ./build-bin/mlc_config.json | |
pull_request: # pull requests targeted at the master branch. | |
branches: | |
- master | |
paths-ignore: | |
- '**/*.md' | |
- './build-bin/*lint' | |
- ./build-bin/mlc_config.json | |
jobs: | |
test: | |
name: test (JDK ${{ matrix.java_version }}) | |
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish | |
# skip commits made by the release plugin | |
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" | |
strategy: | |
fail-fast: false # don't fail fast as some failures are LTS specific | |
matrix: # match with maven-enforcer-plugin rules in pom.xml | |
include: | |
- java_version: 17 # earliest LTS supported by Spring Boot 3 | |
maven_args: -Prelease -Dgpg.skip | |
- java_version: 21 # Most recent LTS | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' # zulu as it supports a wide version range | |
java-version: ${{ matrix.java_version }} | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
# yamllint disable-line rule:line-length | |
key: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven- | |
- name: Cache NPM Packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
# yamllint disable-line rule:line-length | |
key: ${{ runner.os }}-npm-packages-${{ hashFiles('zipkin-lens/package-lock.json') }} | |
- name: Test without Docker | |
run: | | |
build-bin/maven_go_offline && | |
build-bin/test -DexcludedGroups=docker ${{ matrix.maven_args }} | |
test_docker: | |
runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish | |
# skip commits made by the release plugin | |
if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" | |
strategy: | |
matrix: | |
include: | |
- name: zipkin-collector-activemq | |
- name: zipkin-collector-kafka | |
- name: zipkin-collector-rabbitmq | |
- name: zipkin-storage-cassandra | |
- name: zipkin-storage-elasticsearch | |
- name: zipkin-storage-mysql-v1 | |
- name: zipkin-server | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'zulu' # zulu as it supports a wide version range | |
java-version: '21' # Most recent LTS | |
- name: Cache local Maven repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
# yamllint disable-line rule:line-length | |
key: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-jdk-${{ matrix.java_version }}-maven- | |
# Don't attempt to cache Docker. Sensitive information can be stolen | |
# via forks, and login session ends up in ~/.docker. This is ok because | |
# we publish DOCKER_PARENT_IMAGE to ghcr.io, hence local to the runner. | |
- name: Test with Docker | |
# configure_test seeds NPM cache, which isn't needed for these tests. | |
# | |
# What we are doing here is configuring docker, then installing the | |
# module's dependencies prior to testing it with docker. This allows | |
# us to avoid running tests except the leaf module. | |
run: | | |
build-bin/docker/configure_docker && | |
build-bin/maven/maven_go_offline && | |
build-bin/maven/maven_build -pl :${{ matrix.name }} --am && | |
build-bin/test -Dgroups=docker -pl :${{ matrix.name }} | |
env: | |
MAVEN_GOAL: install # docker build needs dependencies in mavenLocal | |
MAVEN_CONFIG: '-Dlicense.skip=true' # license check already run |