[Snyk] Security upgrade io.quarkiverse.artemis:quarkus-artemis-jms from 2.1.1 to 3.3.0 #3828
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths: | |
| - "**.java" | |
| - "application/**" | |
| - "!application/**/*.md" | |
| - ".github/workflows/java-ci.yml" | |
| pull_request: | |
| paths: | |
| - "**.java" | |
| - "application/**" | |
| - "!application/**/*.md" | |
| - ".github/workflows/java-ci.yml" | |
| jobs: | |
| build-init: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup GraalVM | |
| uses: DeLaGuardo/setup-graalvm@5.0 | |
| with: | |
| graalvm: "22.2.0" | |
| java: "java17" | |
| arch: "amd64" | |
| - run: java -version | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: java | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar-parent-pom | |
| restore-keys: ${{ runner.os }}-sonar-parent-pom | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-parent-pom-${{ hashFiles('**/parent-pom/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven-parent-pom | |
| - name: Maven Deploy POM to Github Package Registry | |
| working-directory: ./application/parent-pom/ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw -B deploy --settings ../.m2/settings.xml | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar-webapp-service | |
| restore-keys: ${{ runner.os }}-sonar-webapp-service | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-webapp-service-${{ hashFiles('**/webapp-service/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven-webapp-service | |
| - name: Maven Deploy to Github Package Registry | |
| working-directory: ./application/webapp-service | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw -B deploy --settings ../.m2/settings.xml | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3.1.6 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Run codacy-coverage-reporter | |
| uses: codacy/codacy-coverage-reporter-action@v1.3.0 | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| - name: Upload coverage to SonarCloud | |
| working-directory: ./application/webapp-service | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
| -Dsonar.projectKey=yurake_webapp-service | |
| -Dsonar.organization=yurak | |
| -Dsonar.host.url=https://sonarcloud.io/ | |
| -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| - name: Upload test results to Datadog | |
| working-directory: ./application/webapp-service | |
| if: always() | |
| run: | | |
| npm install -g @datadog/datadog-ci | |
| DD_ENV=ci DATADOG_API_KEY=${{ secrets.DATADOG_APIKEY }} DATADOG_SITE=datadoghq.com datadog-ci junit upload --service webapp-service target/surefire-reports | |
| build-jvm: | |
| needs: build-init | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| application: | |
| [ | |
| jaxrs-activemq-quarkus, | |
| consumer-activemq-quarkus, | |
| jaxrs-cassandra-quarkus, | |
| consumer-hazelcast-quarkus, | |
| jaxrs-hazelcast-quarkus, | |
| jaxrs-memcached-quarkus, | |
| jaxrs-mongodb-quarkus, | |
| jaxrs-mysql-quarkus, | |
| jaxrs-postgres-quarkus, | |
| jaxrs-rabbitmq-quarkus, | |
| jaxrs-redis-quarkus, | |
| consumer-rabbitmq-quarkus, | |
| converter-rabbitmq-quarkus, | |
| consumer-redis-quarkus, | |
| ] | |
| fail-fast: false | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup GraalVM | |
| uses: DeLaGuardo/setup-graalvm@5.0 | |
| with: | |
| graalvm: "22.2.0" | |
| java: "java17" | |
| arch: "amd64" | |
| - run: java -version | |
| - name: setup-native-image | |
| run: | | |
| gu install native-image | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: java | |
| - name: Login to Docker Hub | |
| if: github.event_name == 'push' | |
| uses: docker/login-action@v2.2.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASS }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2.10.0 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ github.ref }}-${{ github.sha }} | |
| restore-keys: | | |
| ${{ github.ref }}-${{ github.sha }} | |
| ${{ github.ref }} | |
| refs/head/main | |
| - name: setup docker push actions | |
| run: | | |
| if [[ github.event_name == 'push' ]]; then | |
| echo "PUSH=true" >> $GITHUB_ENV | |
| else | |
| echo "PUSH=false" >> $GITHUB_ENV | |
| fi | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar-${{ matrix.application }} | |
| restore-keys: ${{ runner.os }}-sonar-${{ matrix.application }} | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ matrix.application }}-${{ hashFiles('**/${{ matrix.application }}/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven-${{ matrix.application }} | |
| - name: Maven Build | |
| working-directory: ./application/${{ matrix.application }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw -B verify --settings ../.m2/settings.xml | |
| - name: Build and push | |
| uses: docker/build-push-action@v4.2.1 | |
| with: | |
| file: application/${{ matrix.application }}/src/main/docker/Dockerfile.jvm | |
| context: application/${{ matrix.application }} | |
| push: ${{ env.PUSH }} | |
| tags: ${{ secrets.DOCKERHUB_USER }}/${{ matrix.application }}:latest | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3.1.6 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Run codacy-coverage-reporter | |
| uses: codacy/codacy-coverage-reporter-action@v1.3.0 | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| - name: Upload coverage to SonarCloud | |
| working-directory: ./application/${{ matrix.application }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
| -Dsonar.projectKey=yurake_${{ matrix.application }} | |
| -Dsonar.organization=yurak | |
| -Dsonar.host.url=https://sonarcloud.io/ | |
| -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| - name: Upload test results to Datadog | |
| working-directory: ./application/${{ matrix.application }} | |
| if: always() | |
| run: | | |
| npm install -g @datadog/datadog-ci | |
| DD_ENV=ci DATADOG_API_KEY=${{ secrets.DATADOG_APIKEY }} DATADOG_SITE=datadoghq.com datadog-ci junit upload --service ${{ matrix.application }} target/surefire-reports | |
| build-native: | |
| needs: build-init | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| application: | |
| [ | |
| consumer-kafka-quarkus, | |
| converter-kafka-quarkus, | |
| scheduled-quarkus, | |
| jaxrs-kafka-quarkus, | |
| producer-kafka-quarkus, | |
| randompublish-quarkus, | |
| server-grpc-quarkus, | |
| jaxrs-grpc-quarkus, | |
| ] | |
| fail-fast: false | |
| steps: | |
| - name: Check out Git repository | |
| uses: actions/checkout@v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup GraalVM | |
| uses: DeLaGuardo/setup-graalvm@5.0 | |
| with: | |
| graalvm: "22.2.0" | |
| java: "java17" | |
| arch: "amd64" | |
| - run: java -version | |
| - name: setup-native-image | |
| run: | | |
| gu install native-image | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: java | |
| - name: Login to Docker Hub | |
| if: github.event_name == 'push' | |
| uses: docker/login-action@v2.2.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASS }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2.10.0 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ github.ref }}-${{ github.sha }} | |
| restore-keys: | | |
| ${{ github.ref }}-${{ github.sha }} | |
| ${{ github.ref }} | |
| refs/head/main | |
| - name: setup docker push actions | |
| run: | | |
| if [[ github.event_name == 'push' ]]; then | |
| echo "PUSH=true" >> $GITHUB_ENV | |
| else | |
| echo "PUSH=false" >> $GITHUB_ENV | |
| fi | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar-${{ matrix.application }} | |
| restore-keys: ${{ runner.os }}-sonar-${{ matrix.application }} | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4.0.2 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ matrix.application }}-${{ hashFiles('**/${{ matrix.application }}/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven-${{ matrix.application }} | |
| - name: Maven Build | |
| working-directory: ./application/${{ matrix.application }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw -B verify --settings ../.m2/settings.xml -Pnative | |
| - name: Build and push | |
| uses: docker/build-push-action@v4.2.1 | |
| with: | |
| file: application/${{ matrix.application }}/src/main/docker/Dockerfile.native | |
| context: application/${{ matrix.application }} | |
| push: ${{ env.PUSH }} | |
| tags: ${{ secrets.DOCKERHUB_USER }}/${{ matrix.application }}:latest | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3.1.6 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Run codacy-coverage-reporter | |
| uses: codacy/codacy-coverage-reporter-action@v1.3.0 | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| - name: Upload coverage to SonarCloud | |
| working-directory: ./application/${{ matrix.application }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | |
| -Dsonar.projectKey=yurake_${{ matrix.application }} | |
| -Dsonar.organization=yurak | |
| -Dsonar.host.url=https://sonarcloud.io/ | |
| -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| - name: Upload test results to Datadog | |
| working-directory: ./application/${{ matrix.application }} | |
| if: always() | |
| run: | | |
| npm install -g @datadog/datadog-ci | |
| DD_ENV=ci DATADOG_API_KEY=${{ secrets.DATADOG_APIKEY }} DATADOG_SITE=datadoghq.com datadog-ci junit upload --service ${{ matrix.application }} target/surefire-reports |