Skip to content

build: Bump step-security/harden-runner from 2.7.1 to 2.9.0 #1550

build: Bump step-security/harden-runner from 2.7.1 to 2.9.0

build: Bump step-security/harden-runner from 2.7.1 to 2.9.0 #1550

Workflow file for this run

#*******************************************************************************
# Copyright (c) Contributors to the Eclipse Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
#*******************************************************************************
name: CI Build
on:
push:
branches-ignore:
- 'dependabot/**'
paths-ignore:
- '.github/**/*codeql*'
- '.github/**/*example*'
- '.github/*.yml'
- 'examples/**'
pull_request:
paths-ignore:
- '.github/**/*codeql*'
- '.github/**/*example*'
- '.github/*.yml'
- 'examples/**'
env:
LC_ALL: en_US.UTF-8
MAVEN_OPTS: >-
-Dhttp.keepAlive=false
-Dmaven.wagon.http.pool=false
-Dmaven.wagon.http.retryHandler.count=3
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build:
strategy:
matrix:
java:
- '8'
- '11'
os:
- 'ubuntu-latest'
include:
- os: 'windows-latest'
java: '17'
- os: 'ubuntu-latest'
java: '17'
canonical: ${{ (github.repository == 'osgi/osgi-test') && ((github.ref == 'refs/heads/main') || (github.ref == 'refs/heads/release')) && (github.event_name != 'pull_request') }}
- os: 'ubuntu-latest'
java: '17'
experimental: true
mavenopts: '-Pbnd-next'
name: JDK${{ matrix.java }} ${{ matrix.os }} ${{ matrix.mavenopts }}
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Git Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
- name: Set up Java ${{ matrix.java }}
uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
- name: Build
id: build
continue-on-error: ${{ matrix.experimental }}
run: |
./.github/scripts/build.sh ${{ matrix.mavenopts }}
- name: Configure settings.xml for Publish
if: ${{ matrix.canonical }}
uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
server-id: ossrh
server-username: OSSRH_USERNAME
server-password: OSSRH_PASSWORD
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-passphrase: GPG_PASSPHRASE
- name: Publish
if: ${{ matrix.canonical }}
run: |
./.github/scripts/publish.sh -Possrh
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}