You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by sj...@apache.org on 2022/11/16 08:00:16 UTC
[maven] branch update-gh-actions-3.9 created (now 29f0ee5c5)
This is an automated email from the ASF dual-hosted git repository.
sjaranowski pushed a change to branch update-gh-actions-3.9
in repository https://gitbox.apache.org/repos/asf/maven.git
at 29f0ee5c5 Update actions in GH build
This branch includes the following new commits:
new 29f0ee5c5 Update actions in GH build
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[maven] 01/01: Update actions in GH build
Posted by sj...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sjaranowski pushed a commit to branch update-gh-actions-3.9
in repository https://gitbox.apache.org/repos/asf/maven.git
commit 29f0ee5c5397db5a9e892a45ede59f3ecd05aa4f
Author: Slawomir Jaranowski <s....@gmail.com>
AuthorDate: Sat Nov 12 18:03:02 2022 +0100
Update actions in GH build
chery-pick from a6b1ebb1cd40ca4b288fdeb30c6d2460323aa25b
Old actions use deprecated node 12
- cache v2 -> v3
- checkout v2 -> v3
- download-artifact v2 -> v3
- setup-java v2 -> v3
- disable access to GITHUB_TOKEN
- don't store credentials with checkout
- don't execute build for PR from local repository branches - we have build on push event
---
.github/workflows/maven.yml | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 3b82ac148..ca2127fd1 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -19,8 +19,15 @@ name: Java CI
on: [push, pull_request]
+# clear all permissions for GITHUB_TOKEN
+permissions: {}
+
jobs:
build:
+
+ # execute on any push or pull request from forked repo
+ if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )
+
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macOS-latest]
@@ -29,8 +36,11 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- - uses: actions/checkout@v2
- - uses: actions/setup-java@v2
+ - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
+
+ - uses: actions/setup-java@v3
with:
java-version: 8
distribution: 'temurin'
@@ -40,7 +50,7 @@ jobs:
run: mvn verify -e -B -V -DdistributionFileName=apache-maven
- name: Upload built Maven
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
if: ${{ matrix.os == 'ubuntu-latest' }}
with:
name: built-maven
@@ -89,14 +99,16 @@ jobs:
echo "REPO_USER=$target_user" >> $GITHUB_ENV
- name: Checkout maven-integration-testing
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
repository: ${{ env.REPO_USER }}/maven-integration-testing
path: maven-integration-testing/
ref: ${{ env.REPO_BRANCH }}
+ persist-credentials: false
+
- name: Set up cache for ~/.m2/repository
- uses: actions/cache@v2
+ uses: actions/cache@v3
with:
path: ~/.m2/repository
key: it-m2-repo-${{ matrix.os }}-${{ hashFiles('maven-integration-testing/**/pom.xml') }}
@@ -104,13 +116,13 @@ jobs:
it-m2-repo-${{ matrix.os }}-
- name: Download built Maven
- uses: actions/download-artifact@v2
+ uses: actions/download-artifact@v3
with:
name: built-maven
path: built-maven/
- name: Set up JDK
- uses: actions/setup-java@v2
+ uses: actions/setup-java@v3
with:
java-version: ${{ matrix.java }}
distribution: 'temurin'