From 4122b17dcfbe6c405d0b61ad8ff2a99ac725cbce Mon Sep 17 00:00:00 2001 From: Djaytan <26904516+Djaytan@users.noreply.github.com> Date: Sat, 6 Jan 2024 17:34:59 +0100 Subject: [PATCH] ci(github): split CI job in two for performances improvement --- .github/workflows/ci.yml | 58 ++++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 77a8621e1..7ccb45104 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,14 +12,12 @@ on: permissions: {} jobs: - ci: - name: CI + build-and-test: + name: Build & Test runs-on: ubuntu-latest permissions: - actions: read contents: read - security-events: write steps: - name: Harden runner @@ -29,8 +27,6 @@ jobs: egress-policy: block allowed-endpoints: > github.com:443 - api.github.com:443 - uploads.github.com:443 objects.githubusercontent.com:443 repo.maven.apache.org:443 jitpack.io:443 @@ -74,11 +70,6 @@ jobs: key: sonar restore-keys: sonar - - name: Initialize CodeQL - uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 - with: - languages: java - - name: Maven build & SonarCloud quality scan env: GITHUB_TOKEN: ${{ github.token }} @@ -93,6 +84,51 @@ jobs: -Dsonar.organization="${SONAR_ORGANIZATION}" \ -Dsonar.projectKey="${SONAR_PROJECT_KEY}" + security-scan: + name: Security scan + runs-on: ubuntu-latest + + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Harden runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + api.github.com:443 + uploads.github.com:443 + repo.maven.apache.org:443 + jitpack.io:443 + repo.papermc.io:443 + + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + + - name: Set up JDK 17 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 + with: + java-version: 17 + distribution: temurin + cache: maven + + - name: Initialize CodeQL + uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + with: + languages: java + + - name: Build + run: | + mvn package --activate-profiles fast \ + --batch-mode --errors --strict-checksums --update-snapshots --fail-fast + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 with: