Performance improvements #97

Workflow file for this run

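# CI workflow: builds the project with Maven on pushes and pull requests that
# target master, scans the working tree with Trivy, and deploys to Artifact
# Registry on pushes to master.
name: Build
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    # Job-wide token scopes: id-token: write lets steps in this job request an
    # OIDC token (consumed by the Google Cloud auth step below), and
    # security-events: write is what the SARIF upload needs.
    permissions:
      contents: read
      id-token: write
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: zulu
          cache: maven
      # NOTE(review): this step is unconditional, so it also runs for
      # pull_request events and the Maven steps that follow build PR-supplied
      # configuration after authentication. The same service account is used
      # for the deploy step; presumably it can write to the registry. Consider
      # a read-only account for pull_request builds - confirm against IAM.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v1.1.1
        with:
          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
          service_account: "gh-actions-dapla-pseudo@artifact-registry-5n.iam.gserviceaccount.com"
          token_format: access_token
      - name: Build with Maven
        run: mvn --batch-mode -P ssb-gar package
      # Gate: a non-zero exit code fails the job when a fixable HIGH/CRITICAL
      # finding is present, which also blocks the deploy step (it requires
      # success()).
      # NOTE(review): @master is a mutable branch ref on a third-party action,
      # in a job that holds id-token: write. Pin to a full commit SHA
      # (aquasecurity/trivy-action@<full-commit-sha>) and update it deliberately.
      - name: Fail build on High/Critical Vulnerabilities
        id: trivy_gate
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          format: 'table'
          scan-ref: '.'
          severity: 'HIGH,CRITICAL'
          ignore-unfixed: true
          exit-code: '1'
      # Runs even when the gate above failed: without this condition the SARIF
      # report was skipped in exactly the case where findings exist. It is still
      # skipped when the gate never ran, because skip-setup-trivy relies on the
      # gate step having installed Trivy.
      # NOTE(review): same mutable @master ref as the gate step - pin to a SHA.
      - name: Run Trivy vulnerability scanner (SARIF for reporting)
        id: trivy_sarif
        if: ${{ !cancelled() && steps.trivy_gate.outcome != 'skipped' }}
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'
          skip-setup-trivy: true
      # Upload only when the SARIF scan actually produced a report.
      - name: Upload Trivy scan results to GitHub Security tab
        if: ${{ !cancelled() && steps.trivy_sarif.outcome == 'success' }}
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: 'trivy-results.sarif'
      - name: Build and test with Maven
        if: github.event_name == 'pull_request'
        run: mvn --batch-mode -P ssb-gar clean test
      # success() keeps the deploy behind every earlier step, including the
      # vulnerability gate.
      - name: Build with Maven and deploy to Artifact Registry
        if: github.event_name == 'push' && github.ref == 'refs/heads/master' && success()
        run: mvn --batch-mode -P ssb-gar deploy -Dmaven.javadoc.skip=true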