Skip to content

ci: add codeql workflow #1338

ci: add codeql workflow

ci: add codeql workflow #1338

Workflow file for this run

# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
name: License check
on:
push:
branches-ignore: # build all branches except:
- 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR)
tags-ignore: # don't build tags
- '**'
pull_request:
workflow_dispatch:
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
inputs:
dash-iplab-token:
description: "Gitlab Personal Access Token (https://gitlab.eclipse.org/-/user_settings/personal_access_tokens) with 'api'' scope for Automatic IP Team Review Requests via org.eclipse.dash:license-tool-plugin, see https://github.com/eclipse/dash-licenses#automatic-ip-team-review-requests"
default: ""
type: string
defaults:
run:
shell: bash
env:
JAVA_VERSION: 17
jobs:
###########################################################
license_check:
###########################################################
runs-on: ubuntu-latest
steps:
- name: Mask Dash IP Token
if: ${{ inputs.dash-iplab-token != '' }}
run: |
DASH_IPLAB_TOKEN=$(jq -r '.inputs."dash-iplab-token"' $GITHUB_EVENT_PATH)
DASH_IPLAB_TOKEN=$(echo "$DASH_IPLAB_TOKEN" | xargs) # trim string
echo "::add-mask::$DASH_IPLAB_TOKEN"
echo "DASH_IPLAB_TOKEN=$DASH_IPLAB_TOKEN" >> $GITHUB_ENV
- name: "Show: GitHub context"
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: echo $GITHUB_CONTEXT
- name: "Show: environment variables"
run: env | sort
- name: Git Checkout
uses: actions/checkout@v4 # https://github.com/actions/checkout
- name: "Install: JDK ${{ env.JAVA_VERSION }} ☕"
uses: actions/setup-java@v4 # https://github.com/actions/setup-java
with:
distribution: temurin
java-version: ${{ env.JAVA_VERSION }}
- name: "Cache: Local Maven Repository"
uses: actions/cache/restore@v4
with:
# Excluded sub directory not working https://github.com/actions/toolkit/issues/713
path: |
~/.m2/repository/*
!~/.m2/repository/.cache/tycho
!~/.m2/repository/.meta/p2-artifacts.properties
!~/.m2/repository/p2
!~/.m2/repository/*SNAPSHOT*
key: ${{ runner.os }}-${{ runner.arch }}-repo-mvn-${{ hashFiles('**/pom.xml') }}
- name: "Cache: Local Tycho Repository"
uses: actions/cache/restore@v4
with:
path: |
~/.m2/repository/.cache/tycho
~/.m2/repository/.meta/p2-artifacts.properties
~/.m2/repository/p2
key: ${{ runner.os }}-${{ runner.arch }}-repo-tycho-${{ hashFiles('target-platforms/oldest.target') }}
- name: Dash License check # see https://github.com/eclipse/dash-licenses
run: |
set -eu
MAVEN_OPTS="${MAVEN_OPTS:-}"
if [[ "${{ runner.os }}" == "Windows" ]]; then
MAVEN_OPTS+=" -Djava.security.egd=file:/dev/urandom" # https://www.baeldung.com/java-security-egd#bd-testing-the-effect-of-javasecurityegd
else
MAVEN_OPTS+=" -Djava.security.egd=file:/dev/./urandom" # https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for/59097932#59097932
fi
MAVEN_OPTS+=" -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" # https://stackoverflow.com/questions/5120470/how-to-time-the-different-stages-of-maven-execution/49494561#49494561
MAVEN_OPTS+=" -Xmx1024m -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dhttps.protocols=TLSv1.3,TLSv1.2"
export MAVEN_OPTS
echo "MAVEN_OPTS: $MAVEN_OPTS"
if [[ ${ACT:-} == "true" ]]; then # when running locally using nektos/act
maven_args="-Djgit.dirtyWorkingTree=warning"
else
maven_args="--no-transfer-progress"
fi
if [[ -n ${DASH_IPLAB_TOKEN:-} ]]; then
dash_iplab_token_arg="-Ddash.iplab.token=$DASH_IPLAB_TOKEN"
fi
(set -x; ./mvnw \
--errors \
--update-snapshots \
--batch-mode \
--show-version \
-Dtycho.disableP2Mirrors=true \
$maven_args \
org.eclipse.dash:license-tool-plugin:license-check \
-Dtycho.target.eager=true \
-Ddash.projectId=technology.tm4e \
${dash_iplab_token_arg:-} \
-Ddash.fail=true \
-Ddash.summary=DEPENDENCIES \
-DexcludeArtifactIds=\
org.eclipse.rcp_root,\
org.eclipse.tm4e.core,\
org.eclipse.tm4e.feature,\
org.eclipse.tm4e.language_pack.feature,\
org.eclipse.tm4e.language_pack,\
org.eclipse.tm4e.languageconfiguration,\
org.eclipse.tm4e.markdown,\
org.eclipse.tm4e.registry,\
org.eclipse.tm4e.samples,\
org.eclipse.tm4e.ui,\
org.eclipse.ui.tests.harness)
- name: Dash Summary
if: always()
run: cat DEPENDENCIES