Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.1 to 3.8.1 #880

Workflow file for this run

	name: Gytheio CI

	on:
	pull_request:
	branches:
	- master
	- SP/**
	- HF/**
	- ACS-**
	- feature/**
	push:
	branches:
	- master
	- SP/**
	- HF/**
	- ACS-**
	- feature/**
	schedule:
	- cron: '0 5 * * 3'
	workflow_dispatch:

	env:
	MAVEN_USERNAME: ${{ secrets.NEXUS_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
	GIT_USERNAME: ${{ secrets.BOT_GITHUB_USERNAME }}
	GIT_PASSWORD: ${{ secrets.BOT_GITHUB_TOKEN }}
	AWS_REGION: eu-west-1

	jobs:
	veracode_sca:
	name: "Source Clear Scan (SCA)"
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	continue-on-error: true
	with:
	srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}

	veracode_sast:
	name: "Pipeline SAST Scan"
	runs-on: ubuntu-latest
	if: >
	(github.ref_name == 'master' \|\| startsWith(github.ref_name, 'SP/') \|\| startsWith(github.ref_name, 'HF/') \|\| github.event_name == 'pull_request') &&
	github.actor != 'dependabot[bot]' &&
	!contains(github.event.head_commit.message, '[skip build]')
	steps:
	- uses: actions/checkout@v4
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: "Login to Docker Hub"
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: "Login to Quay.io"
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	with:
	token: ${{ secrets.BOT_GITHUB_TOKEN }}
	repository: "Alfresco/veracode-baseline-archive"
	file-path: "gytheio/gytheio-baseline.json"
	target: "baseline.json"
	- name: "Build"
	run: mvn -B -U install -DskipTests
	- name: Create zip
	run: find gytheio/gytheio/target gytheio/target -name '.jar' -exec zip -y -r to-scan.zip {} +
	- name: "Run SAST Scan"
	uses: veracode/[email protected]
	with:
	vid: ${{ secrets.VERACODE_API_ID }}
	vkey: ${{ secrets.VERACODE_API_KEY }}
	file: "to-scan.zip"
	fail_build: true
	project_name: gytheio
	issue_details: true
	veracode_policy_name: Alfresco Default
	summary_output: true
	summary_output_file: results.json
	summary_display: true
	baseline_file: baseline.json
	- name: Upload scan result
	if: success() \|\| failure()
	run: zip readable_output.zip results.json
	- name: Upload Artifact
	if: success() \|\| failure()
	uses: actions/upload-artifact@v4
	with:
	name: Veracode Pipeline-Scan Results (Human Readable)
	path: readable_output.zip

	build:
	name: "Build"
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- name: "Remove SNAPSHOT artifacts"
	run: find "${HOME}/.m2/repository/" -type d -name "-SNAPSHOT" \| xargs -r -l rm -rf
	- name: "Install ImageMagick to parse PDFs"
	run: \|
	sudo apt-get update
	sudo apt-get install -q -y imagemagick ghostscript ffmpeg
	# ImageMagick6's default security policy doesn't allow it to parse PDFs
	sudo sed -i '/PDF/s/none/read\|write/' /etc/ImageMagick-6/policy.xml
	- name: "Configure AWS credentials"
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_S3_BUCKET_CREATE_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_S3_BUCKET_CREATE_SECRET_ACCESS_KEY }}
	aws-region: ${{ env.AWS_REGION }}
	- name: "Build and test"
	run: bash _ci/build.sh

	release:
	name: "Release"
	needs: [veracode_sca, build]
	runs-on: ubuntu-latest
	if: >
	contains(github.event.head_commit.message, '[release]') &&
	github.event_name != 'pull_request' &&
	(github.ref_name == 'master' \|\| startsWith(github.ref_name, 'SP/') \|\| startsWith(github.ref_name, 'HF/'))
	steps:
	- uses: actions/checkout@v4
	with:
	persist-credentials: false
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	- uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
	with:
	username: ${{ secrets.BOT_GITHUB_USERNAME }}
	email: ${{ secrets.BOT_GITHUB_EMAIL }}
	- name: "Remove SNAPSHOT artifacts"
	run: find "${HOME}/.m2/repository/" -type d -name "-SNAPSHOT" \| xargs -r -l rm -rf
	- name: "Release"
	run: bash _ci/release.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.1 to 3.8.1 #880

Workflow file

Bump org.apache.maven.plugins:maven-dependency-plugin from 3.7.1 to 3.8.1 #880

Jobs

Run details

Workflow file for this run