Skip to content

Add codeql workflow (#320) #622

Add codeql workflow (#320)

Add codeql workflow (#320) #622

Workflow file for this run

name: Global workflow
on:
pull_request:
types: [ opened, synchronize, reopened ]
push:
branches:
- dev
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: 'corretto'
- name: Analyze push
# If push, we analyze the code
if: github.event_name == 'push'
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: ./gradlew sonar --info
- name: Analyse pull request
# If pull request, we analyze the code, and if the target branch is not master
if: github.event_name == 'pull_request' && github.event.pull_request.base.ref != 'master' && github.actor != 'dependabot[bot]'
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: ./gradlew sonar --info -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} -Dsonar.qualitygate.wait=true
- name: Test
if: github.event_name == 'pull_request' && (github.event.pull_request.base.ref == 'master' || github.actor == 'dependabot[bot]')
run: ./gradlew clean test --info
- name: Cache gradle dependencies
uses: actions/cache@v4
# If author is dependabot, we don't cache dependencies
if: github.actor != 'dependabot[bot]'
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-dev-dependencies-${{ hashFiles('**/build.gradle.kts') }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-dev-dependencies-${{ hashFiles('**/build.gradle.kts') }}
build:
runs-on: ubuntu-latest
needs:
- test
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: 'corretto'
- name: Cache gradle dependencies
uses: actions/cache@v4
# If author is dependabot, we don't cache dependencies
if: github.actor != 'dependabot[bot]'
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-dev-dependencies-${{ hashFiles('**/build.gradle.kts') }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-dev-dependencies-${{ hashFiles('**/build.gradle.kts') }}
- name: Build
run: gradle clean installDist -x test
- name: Cache build
uses: actions/cache@v4
# If author is dependabot, we don't cache dependencies
if: github.actor != 'dependabot[bot]'
with:
path: build/install/core
key: ${{ runner.os }}-build-${{ hashFiles('**/build.gradle.kts') }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-build-${{ hashFiles('**/build.gradle.kts') }}
docker:
strategy:
matrix:
platform: [linux/amd64, linux/arm64, linux/arm64/v8]
runs-on: ubuntu-latest
needs:
- build
steps:
- uses: actions/checkout@v4
- name: Cache build
uses: actions/cache@v4
# If author is dependabot, we don't cache dependencies
if: github.actor != 'dependabot[bot]'
with:
path: build/install/core
key: ${{ runner.os }}-build-${{ hashFiles('**/build.gradle.kts') }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-build-${{ hashFiles('**/build.gradle.kts') }}
- name: Build
if: github.actor == 'dependabot[bot]'
run: gradle clean installDist -x test
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build docker file
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: registry.ziedelth.fr:5000/shikkanime-core:dev
platforms: ${{ matrix.platform }}
clear_cache:
runs-on: ubuntu-latest
if: github.actor != 'dependabot[bot]'
needs:
- docker
steps:
- uses: actions/checkout@v4
- name: Clear build cache
uses: prantlf/delete-cache-action@v2
with:
key: ${{ runner.os }}-build-${{ hashFiles('**/build.gradle.kts') }}-${{ github.sha }}
- name: Clear gradle cache
uses: prantlf/delete-cache-action@v2
with:
key: ${{ runner.os }}-dev-dependencies-${{ hashFiles('**/build.gradle.kts') }}-${{ github.sha }}