160 Commits

Author SHA1 Message Date
Andreas Dangel
4c45d6125e
Merge branch 'master' into pmd/7.0.x 2022-04-29 13:40:05 +02:00
naveen
57dfc7fb40 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-04-29 01:00:46 +00:00
Andreas Dangel
e0c0e96d07
Merge branch 'master' into pmd/7.0.x 2022-04-12 20:15:44 +02:00
dependabot[bot]
2a57871fdb
Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-28 03:01:58 +00:00
Andreas Dangel
c26275a2b6
Merge remote-tracking branch 'adangel/regression-tester-update' into
pmd7-regression-tester-update
2022-03-24 18:54:45 +01:00
Andreas Dangel
f2db24ffbb
Use new caches in CI build 2022-03-18 17:04:02 +01:00
Andreas Dangel
4160092ceb
Merge branch 'master' into pr-3819 2022-03-10 10:32:41 +01:00
dependabot[bot]
45a85806b5
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 03:01:36 +00:00
Andreas Dangel
a9c3c019fe
Merge branch 'master' into pmd/7.0.x 2021-11-25 11:50:31 +01:00
Andreas Dangel
47938e674d
Bump build-tools from 17-SNAPSHOT to 17 2021-11-25 10:08:30 +01:00
Andreas Dangel
3cde14a534
[ci] Start with an empty cache 2021-11-19 11:00:08 +01:00
Andreas Dangel
f9a012a8de
Merge branch 'master' into pmd/7.0.x 2021-10-16 10:40:02 +02:00
Andreas Dangel
4bfb35cb86
Use GITHUB_TOKEN or deploy key
Also use pmd-bot@users.noreply.github.com as committer email.
2021-10-15 12:09:22 +02:00
Andreas Dangel
7cee47d71e
Merge branch 'master' into pmd/7.0.x 2021-09-27 20:11:01 +02:00
Andreas Dangel
6c60196bc1
Use build-tools 17-SNAPSHOT 2021-09-27 20:02:03 +02:00
Andreas Dangel
32bd651969
Merge branch 'master' into pmd/7.0.x 2021-07-30 14:11:48 +02:00
Andreas Dangel
fbdcec348b
Bump build-tools from 15-SNAPSHOT to 15 2021-07-30 12:12:40 +02:00
Clément Fournier
ed98ec7078
Merge branch 'master' into 7.0.x 2021-06-16 14:22:40 +02:00
Andreas Dangel
0b6c0594f1
Use build-tools scripts 14 2021-06-11 17:47:08 +02:00
Andreas Dangel
89d0d76035
Merge branch 'master' into pmd/7.0.x 2021-05-28 19:02:50 +02:00
Andreas Dangel
6d321b89e4
[ci] Use new build-tools 13
Should fix build problems under windows
2021-05-28 17:45:00 +02:00
Andreas Dangel
0fea742f3d
Merge branch 'master' into pmd/7.0.x 2021-05-28 17:01:04 +02:00
Andreas Dangel
1fce60faf0
[ci] Use ruby/setup-ruby@v1 instead of deprecated setup-ruby action 2021-05-28 16:59:31 +02:00
Andreas Dangel
50080c496d
[ci] Use ruby/setup-ruby@v1 instead of deprecated setup-ruby action 2021-05-28 16:57:32 +02:00
Clément Fournier
4dec17b937
Merge branch 'master' into 7.0.x 2021-05-09 14:36:29 +02:00
Andreas Dangel
d444f30ee4 [ci] Add gradle cache 2021-05-07 16:19:26 +02:00
Clément Fournier
9274af1e8e Merge branch 'master' into 7.0.x 2021-05-06 12:52:34 +02:00
Andreas Dangel
b73afc47f7 Bump build-tools from 11 to 12 2021-05-06 10:25:28 +02:00
Clément Fournier
10186c85ba Merge branch 'master' into 7.0.x 2021-04-30 12:49:10 +02:00
Clément Fournier
f587b7f5f2 Explain FP & FN in issue template description 2021-04-30 12:25:55 +02:00
Andreas Dangel
e7ebae1cea Improve issue templates 2021-04-29 10:53:41 +02:00
Andreas Dangel
2ada953df5 Merge branch 'master' into pmd/7.0.x 2021-04-24 18:33:52 +02:00
Andreas Dangel
375e7a1bff [ci] Improve caching for pmd-regression-tester 2021-04-24 18:01:17 +02:00
Andreas Dangel
96dc198fc6 Merge branch 'master' into pmd/7.0.x 2021-04-24 16:17:42 +02:00
Andreas Dangel
4b4af8c12f [ci] Increase fetch depth for git-repo-sync 2021-04-24 16:15:09 +02:00
Andreas Dangel
f89c9e40d4 [ci] Sync branch pmd/7.0.x to sourceforge 2021-04-23 23:01:28 +02:00
Andreas Dangel
aea369a80b Merge branch 'pr-3220' into pmd7-build-scripts-update 2021-04-22 11:35:31 +02:00
Andreas Dangel
2d5fc019ac Merge branch 'master' into build-scripts-update 2021-04-22 11:10:24 +02:00
Andreas Dangel
fe9bf3c352 Bump build-tools from 10 to 11 2021-04-22 10:59:51 +02:00
Clément Fournier
7301082d2e Merge branch 'master' into 7.0.x 2021-04-20 17:37:22 +02:00
Andreas Dangel
a09e38471f [ci] Run git-repo-sync only on pushes, not on pull requests
Also remove unneeded actions
2021-04-18 19:57:50 +02:00
Andreas Dangel
2ad755f963 [ci] Add git-repo-sync 2021-04-18 19:50:52 +02:00
Andreas Dangel
f413328653 [ci] Set autoReleaseAfterClose=true in workflow 2021-04-18 18:49:14 +02:00
Andreas Dangel
953a9999b4 [ci] Checkout with fetch-depth 2
Otherwise we can't fetch later more commits
for regression-tester and danger.
2021-04-16 20:06:56 +02:00
Andreas Dangel
081edd5213 Revert "[ci] Enable debug mode for check-environment.sh"
This reverts commit ff68dd7bef8fb7911f390ebc64769993b915e4ea.
2021-04-16 16:43:28 +02:00
Andreas Dangel
ff68dd7bef [ci] Enable debug mode for check-environment.sh 2021-04-16 16:35:52 +02:00
Andreas Dangel
417cc7fcbe [ci] Finish scripts migration, integration sonar+coveralls 2021-04-15 16:20:22 +02:00
Andreas Dangel
10c6906f0f [ci] First round of migration to new build scripts 2021-04-15 15:26:33 +02:00
Andreas Dangel
c2ae8b19c2 Add FUNDING.yml 2021-04-12 19:26:46 +02:00
Andreas Dangel
74fffb35c4 Merge branch 'master' into pmd/7.0.x 2021-03-27 15:38:36 +01:00
Andreas Dangel
fdc6336bf2 [ci] Increase timeout for staging to oss.sonatype.org 2021-03-26 17:56:26 +01:00
Clément Fournier
5afb4956c3 Merge branch 'master' into 7.0.x 2021-02-16 20:08:18 +01:00
Clément Fournier
2b6dcb3f22
Change default labels for violation issue template
An issue that has both labels probably needs one of them to be removed.
2021-02-08 19:37:00 +01:00
Andreas Dangel
f0f2286f98 Merge branch 'master' into pmd/7.0.x 2021-01-16 10:37:27 +01:00
Andreas Dangel
49ff9a5c5f [ci] Increase build timeout for pull requests to 60 minutes 2021-01-08 15:33:48 +01:00
Andreas Dangel
60d21a2feb Merge branch 'master' into pmd/7.0.x 2020-12-12 12:54:15 +01:00
Andreas Dangel
f276eec0ba [ci] Use ruby 2.7 for release build (#2967) 2020-12-12 11:19:51 +01:00
Andreas Dangel
384d32ddd0 Merge branch 'master' into pmd/7.0.x 2020-12-11 19:48:54 +01:00
Andreas Dangel
4229343173 Use Github Discussions for Q&A 2020-12-11 16:52:17 +01:00
Andreas Dangel
b21a2e5d38 Merge branch 'master' into pmd/7.0.x 2020-11-25 14:17:10 +01:00
Andreas Dangel
db3c636081 [ci] Avoid mixing caches 2020-11-25 14:14:49 +01:00
Andreas Dangel
a99e205a54 Merge branch 'master' into pmd/7.0.x 2020-11-14 20:34:49 +01:00
Andreas Dangel
bc4938087a [ci] Only install java7 on Linux, add GITHUB_TOKEN for sonar 2020-11-14 20:29:27 +01:00
Andreas Dangel
3ca98b7313 [ci] Enable pushes workflow for branch pmd/7.0.x 2020-11-14 19:35:20 +01:00
Andreas Dangel
4147d09771 [ci] Windows needs maven_dependencies_resolve
* Use the same build script for Windows+MacOS as for PRs
* Also install java7 for PRs (that was missing from the old travis solution)
* Run coveralls and sonar in parallel to win/macos after linux
2020-11-14 19:27:40 +01:00
Andreas Dangel
faa0a6109e [ci] Fix builds for Windows / MacOS
Add missing include for logger
2020-11-14 18:29:44 +01:00
Andreas Dangel
91835315cc Add vendor/bundle to cache 2020-11-14 12:44:57 +01:00
Andreas Dangel
4246cb77ca Add sonar and coveralls jobs 2020-11-14 12:33:31 +01:00
Andreas Dangel
e2514c546c Implement release builds 2020-11-13 20:34:37 +01:00
Andreas Dangel
8c087e9357 Describe workaround for failing downloads 2020-11-13 19:43:55 +01:00
Andreas Dangel
825e3426d7 Fetch more commits of the PR for danger 2020-11-13 17:15:53 +01:00
Andreas Dangel
a5c7f3c77a Increase fetch depth so that danger finds the HEAD commit of the PR 2020-11-13 15:56:05 +01:00
Andreas Dangel
e8525008b2 Move install-openjdk into main script, add check-environment 2020-11-13 15:35:16 +01:00
Andreas Dangel
412ddb3018 Fix pull requests build - correctly extract data from event 2020-11-13 14:58:57 +01:00
Andreas Dangel
7e35165c01 Externalize tokens for Danger, use correct base branch ref 2020-11-13 14:27:26 +01:00
Andreas Dangel
be07f5b8c8 Enable windows build again 2020-11-13 12:01:53 +01:00
Andreas Dangel
6e81754078 There are no secrets in pull requests 2020-11-13 12:01:28 +01:00
Andreas Dangel
9d531cba4d Enable pull-requests workflow 2020-11-13 11:39:30 +01:00
Andreas Dangel
70f2c56888 Resolve maven dependencies before building
This tries to solve build timeouts while downloading dependencies.
Also the job timeout for PRs is 30 minutes - if it takes longer,
something is wrong.
2020-11-13 11:37:05 +01:00
Andreas Dangel
1790684fff Add troubleshooting 2020-11-12 20:12:07 +01:00
Andreas Dangel
1edc659456 Take out windows build
It's always failing to download dependencies
2020-11-12 19:15:29 +01:00
Andreas Dangel
295505af5b Integrate danger for pull requests 2020-11-12 13:11:56 +01:00
Andreas Dangel
4628664545 Add regression-tester for updating baseline 2020-11-12 11:54:51 +01:00
Andreas Dangel
0f14066adc Use github job infos 2020-11-12 10:42:19 +01:00
Andreas Dangel
b42a358844 Add workaround for connection timeouts 2020-11-12 09:44:17 +01:00
Andreas Dangel
14548e7b80 Integrate setup secrets into build.sh, add env.gpg, add sourceforge upload 2020-11-11 22:56:02 +01:00
Andreas Dangel
a089bbc143 Use bash 2020-11-10 22:37:04 +01:00
Andreas Dangel
3d4928dfbb Initial version of new ci scripts 2020-11-10 22:26:26 +01:00
Andreas Dangel
398305144d [ci] Display used java version in github action 2020-10-28 11:03:20 +01:00
Andreas Dangel
d626b9314e [ci] Support [skip ci] with github actions
See https://github.com/marketplace/actions/skip-based-on-commit-message
2020-10-15 11:28:46 +02:00
Andreas Dangel
b8da15ce00 [ci] use actions/checkout@v2 and actions/setup-java@v1
instead of specific subversions. This uses then always the latest
versions automatically.
2020-10-10 14:03:32 +02:00
dependabot[bot]
d37ccca4ab
Bump actions/setup-java from v1.4.2 to v1.4.3
Bumps [actions/setup-java](https://github.com/actions/setup-java) from v1.4.2 to v1.4.3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v1.4.2...d202f5dbf7256730fb690ec59f6381650114feb2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-10-05 06:16:30 +00:00
dependabot[bot]
2a6b04ef4d
Bump actions/checkout from v2.3.2 to v2.3.3
Bumps [actions/checkout](https://github.com/actions/checkout) from v2.3.2 to v2.3.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.2...a81bbbf8298c0fa03ea29cdc473d45769f953675)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-28 06:18:42 +00:00
dependabot[bot]
72f9d0f90a
Bump actions/setup-java from v1.4.0 to v1.4.2
Bumps [actions/setup-java](https://github.com/actions/setup-java) from v1.4.0 to v1.4.2.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v1.4.0...8bb50d97d6b4d316daf284fdf8eafbfc988421fc)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-12 10:46:46 +00:00
Andreas Dangel
352760c09c [ci] Fix dependabot schedule interval 2020-09-12 12:45:52 +02:00
Andreas Dangel
b247d616d9 [ci] github actions: Build on push and pull requests 2020-09-12 12:13:28 +02:00
Andreas Dangel
2093f6c82a [ci] dependabot: don't open PRs for maven dependencies
We might enable this for PMD 7 later
2020-09-12 12:13:04 +02:00
XenoAmess
01de9ce450 add github actions for a fast view of pr succeed/not.
travis-ci is toooo slow.
2020-08-24 19:15:52 +08:00
Andreas Dangel
2da636305e Update pull request template 2020-04-18 10:34:21 +02:00
Andreas Dangel
0356895cc2 [doc] Fix github issue templates
The labels were wrong, maybe now they are assigned
automatically...
2020-04-04 18:29:50 +02:00