Add GitHub Actions

samtkit · Jun 15, 2023 · 2081763 · 2081763
1 parent e101a3d
commit 2081763
Show file tree

Hide file tree

Showing 4 changed files with 136 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,24 @@
+name: Build
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Build
+        run: ./gradlew --no-daemon build
diff --git a/.github/workflows/gradle-dependency-submission.yml b/.github/workflows/gradle-dependency-submission.yml
@@ -0,0 +1,28 @@
+name: Gradle Dependency Submission
+on:
+  push:
+    branches: [main]
+
+jobs:
+  gradle-action-detection:
+    runs-on: ubuntu-latest
+    # The Dependency Submission API requires write permission
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Run snapshot action
+        uses: mikepenz/gradle-dependency-submission@main
+        with:
+          gradle-build-module: |-
+            cli
+          gradle-build-configuration: |-
+            compileClasspath
+          sub-module-mode: 'INDIVIDUAL_DEEP'
diff --git a/.github/workflows/qodana-scan.yml b/.github/workflows/qodana-scan.yml
@@ -0,0 +1,35 @@
+name: Qodana
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  qodana-jvm:
+    runs-on: ubuntu-latest
+
+    # The CodeQL Action requires security write permission
+    permissions:
+      security-events: write
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Build
+        run: ./gradlew --no-daemon build -x test
+
+      - uses: JetBrains/[email protected]
+        with:
+          pr-mode: false
+          cache-default-branch-only: true
+
+      - uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
diff --git a/.github/workflows/security-scanning.yml b/.github/workflows/security-scanning.yml
@@ -0,0 +1,49 @@
+name: "Security Scanning"
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
+    - cron: '30 6 * * 1'
+
+jobs:
+  CodeQL-Build:
+    runs-on: ubuntu-latest
+
+    # The CodeQL Action requires security write permission
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: kotlin
+          queries: security-and-quality
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 17
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Build
+        run: ./gradlew --no-daemon build -x test
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2