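name: ubuntu-workflow

# Triggers: pushes to master, and pull requests filtered by base branch.
on:
  push:
    branches:
      - master
  # `pull_request` (not `pull_request_target`): by default, runs for PRs from
  # forks get a read-only GITHUB_TOKEN and no repository secrets.
  # NOTE(review): in a branch filter `*` does not match `/`, so PRs whose base
  # branch name contains a slash are not covered; `'**'` would match every
  # branch. Confirm which is intended.
  pull_request:
    branches:
      - '*'

# Workflow-wide default: limit the GITHUB_TOKEN to reading repository
# contents. A job that declares its own `permissions:` replaces this default,
# and any scope it does not list is set to none.
permissions:
  contents: read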
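jobs:
  # Builds the project with Gradle and exposes the build-scan URL as a job
  # output for the publish-scan-url job.
  #
  # NOTE(review): every `uses:` in this file references a tag, which the
  # action's owner can move to different code. Pinning to a full commit SHA
  # (`owner/action@<full-commit-sha>  # vX.Y.Z`) makes the reference immutable.
  build:
    permissions:
      # NOTE(review): a workflow-level `concurrency:` group with
      # `cancel-in-progress: true` would cancel superseded runs natively,
      # without granting `actions: write` or running a third-party action.
      actions: write  # for styfle/cancel-workflow-action to cancel/stop running workflows
      contents: read  # for actions/checkout to fetch code
    runs-on: ubuntu-latest
    outputs:
      build-scan-url: ${{ steps.build.outputs.build-scan-url }}
    steps:
      # Must stay the first step so it observes everything that runs after it.
      # `audit` only records outbound connections; nothing is blocked yet.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
          # TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly

      - name: Cancel Previous Runs
        uses: styfle/cancel-workflow-action@0.12.1
        with:
          access_token: ${{ github.token }}

      # NOTE(review): actions/checkout keeps the token in the local git config
      # by default (`persist-credentials: true`), where the Gradle build below
      # can read it. Consider `persist-credentials: false` if no later step
      # needs authenticated git; confirm that submodule handling still works.
      - uses: actions/checkout@v4
        with:
          submodules: true

      # Verifies the checked-in Gradle wrapper JAR before any step executes
      # it; keep this ahead of the build step.
      # NOTE(review): this action and gradle/gradle-build-action appear to be
      # superseded by the ones under gradle/actions; confirm before upgrading.
      - uses: gradle/wrapper-validation-action@v3

      # Cache key follows the contents of all *.gradle* files; the restore key
      # falls back to the newest cache for the same runner OS.
      - uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      # Runs build logic taken from the checked-out ref, so on pull requests
      # the PR's code executes here with the env below in scope.
      - id: build
        name: Gradle clean build
        uses: gradle/gradle-build-action@v3.5.0
        env:
          # Readable by the build; carries this job's scopes on same-repo PRs.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The branch name is chosen by the PR author. Passing it through the
          # environment keeps it out of any script text; consumers must still
          # treat it as untrusted data.
          HEAD_REF: ${{ github.head_ref }}
        with:
          arguments: "clean build"

  # Posts the build-scan URL as a PR comment, or replaces the existing one.
  # Only `pull-requests: write` is granted; every other scope is none.
  # NOTE(review): for PRs from forks the GITHUB_TOKEN is read-only by default,
  # so the comment steps can only succeed for same-repository PRs. Confirm
  # that is intended.
  publish-scan-url:
    needs: [build]
    permissions:
      pull-requests: write  # to allow creating or updating a comment
    if: ${{ github.event_name == 'pull_request' }}
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
          # TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly

      # NOTE(review): third-party action referenced by a mutable tag, running
      # in a job whose token can write to pull requests. Pin it to a commit
      # SHA, or produce the timestamp with a `run:` step calling `date -u`.
      - name: Get current time
        uses: 1466587594/get-current-time@v2
        id: current-time
        with:
          format: 'YYYY-MM-DD HH:mm:ss'
          utcOffset: "+00:00"

      # Looks for an earlier comment from the Actions bot containing the
      # marker text, so the URL is updated in place instead of re-posted.
      - name: Find Comment
        uses: peter-evans/find-comment@v3
        id: fc
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
          body-includes: Buildscan url for ubuntu-workflow run

      # Presumably `comment-id` is empty when nothing matched and the
      # comparison with 0 relies on expression coercion; verify against the
      # find-comment documentation.
      # The build-scan URL in the body comes from a build that ran the PR's
      # code and is rendered as Markdown, so treat it as untrusted text.
      - name: Create comment
        if: ${{ steps.fc.outputs.comment-id == 0 }}
        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            **Timestamp:** ${{ steps.current-time.outputs.formattedTime }}
            **Buildscan url for ubuntu-workflow run [${{ github.run_id }}](https://github.com/Flank/flank/actions/runs/${{ github.run_id }})**
            ${{ needs.build.outputs.build-scan-url }}

      # Same body as "Create comment"; `edit-mode: replace` overwrites the
      # earlier comment found by the Find Comment step.
      - name: Update comment
        if: ${{ steps.fc.outputs.comment-id != 0 }}
        uses: peter-evans/create-or-update-comment@v4
        with:
          comment-id: ${{ steps.fc.outputs.comment-id }}
          edit-mode: replace
          body: |
            **Timestamp:** ${{ steps.current-time.outputs.formattedTime }}
            **Buildscan url for ubuntu-workflow run [${{ github.run_id }}](https://github.com/Flank/flank/actions/runs/${{ github.run_id }})**
            ${{ needs.build.outputs.build-scan-url }}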