From 9093b13c5d43f5a278f3106e11c4e1090c5f79a3 Mon Sep 17 00:00:00 2001 From: Leandro Afonso Date: Thu, 23 Oct 2025 00:27:37 +0100 Subject: [PATCH] Rollback Oops --- .github/workflows/maven.yml | 92 +++---------------------------------- 1 file changed, 6 insertions(+), 86 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index acc3264..6819189 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -11,7 +11,9 @@ on: jobs: build: + runs-on: ubuntu-latest + steps: - uses: actions/checkout@v4 
@@ -26,95 +28,13 @@ jobs: run: mvn -B package working-directory: main - # Generate dependency graph explicitly + # Generate dependency graph explicitly (run step supports -f) - name: Generate dependency graph - run: mvn -B com.github.ferstl:depgraph-maven-plugin:4.0.1:graph - working-directory: main + run: mvn -B -f main/pom.xml com.github.ferstl:depgraph-maven-plugin:4.0.1:graph - # Upload the packaged JAR file as an artifact - - name: Upload package artifact - uses: actions/upload-artifact@v4 - with: - name: package - path: main/target/*.jar # Upload only the JAR - - # Upload the generated dependency graph so you can inspect it + # Upload the generated dependency files so you can inspect them in the workflow run - name: Upload dependency graph artifact uses: actions/upload-artifact@v4 with: name: dependency-graph - path: main/target/dependency-graph.dot # Upload the specific graph file - - test-and-coverage: - runs-on: ubuntu-latest - needs: build # Make it dependent on the build job to ensure code compiles - - steps: - - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - cache: maven - - - name: Run tests and generate coverage report - # 'verify' runs all tests. 'jacoco:report' generates the coverage report. - # This assumes you have the JaCoCo plugin configured in your pom.xml - run: mvn -B verify jacoco:report - working-directory: main - - - name: Upload coverage report - # This uploads the HTML coverage report as an artifact - uses: actions/upload-artifact@v4 - with: - name: code-coverage-report - path: main/target/site/jacoco/ # Path to the JaCoCo HTML report - - security-scan: - # NEW JOB: This job runs GitHub's CodeQL to find security vulnerabilities. - # It runs in parallel with other jobs. 
- runs-on: ubuntu-latest - - # Required permissions for CodeQL to write results - permissions: - security-events: write # for github/codeql-action/analyze - actions: read # for github/codeql-action/init - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: 'java' # Specify the language to analyze - - - name: Build project for CodeQL - # CodeQL needs to monitor the build process. - # We skip tests here (-DskipTests) because we only need the compiled code - # for static analysis, and tests are run in the 'test-and-coverage' job. - run: mvn -B clean package -DskipTests - working-directory: main - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - - dependency-review: - # NEW JOB: This job checks for vulnerable dependencies on Pull Requests. - # It prevents merging PRs that introduce known vulnerabilities. - runs-on: ubuntu-latest - - # This job only needs to run on pull requests - if: github.event_name == 'pull_request' - - permissions: - contents: read # To read dependency files - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Dependency Review - uses: actions/dependency-review-action@v4 + path: main/target/**
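Review bot: The `path: main/target/**` glob on the last line of this hunk uploads the entire Maven output directory under the artifact name `dependency-graph`, not only the graph file. Because the build job runs `mvn -B package` in `main` first, that directory also holds the packaged JAR, compiled classes and any filtered resources, and workflow artifacts can be downloaded by anyone with read access to the repository. I would narrow it back to the path the previous version used, `path: main/target/dependency-graph.dot`, and add `if-no-files-found: error` so a missing graph fails the step instead of passing silently. Separately, this rollback also deletes the `security-scan` (CodeQL) and `dependency-review` jobs; if that was not intended, restore them in a follow-up so the workflow keeps its static analysis and its pull-request dependency check.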