Maintain actions.

2022-03-01 13:19:37 +01:00 · 2022-03-01 13:19:37 +01:00 · 2a31de933d
commit 2a31de933d
parent d379becb63
10 changed files with 107 additions and 46 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,4 +1,2 @@
-@sschnabe
-@wistefan
-@rpahli
-@fabian-schlegel
+# https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
+* @sschnabe @rpahli @fabian-schlegel
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -2,6 +2,8 @@ version: 2
 updates:
  - package-ecosystem: maven
    directory: /
+    open-pull-requests-limit: 1
+    rebase-strategy: auto
    schedule:
      interval: daily
    ignore:
@ -9,5 +11,7 @@ updates:
        update-types: ["version-update:semver-major", "version-update:semver-minor"]
  - package-ecosystem: github-actions
    directory: /
+    open-pull-requests-limit: 1
+    rebase-strategy: auto
    schedule:
      interval: daily
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@ -2,10 +2,7 @@ name: CodeQL

 "on":
  workflow_dispatch: {}
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
+  pull_request: {}
  schedule:
    - cron: '0 0 * * *'

@ -17,7 +14,7 @@ jobs:
      actions: read
      contents: read
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.4.0
      - uses: github/codeql-action/init@v1
        with:
          languages: java
--- a/.github/workflows/dependabot.yaml
+++ b/.github/workflows/dependabot.yaml
@ -0,0 +1,22 @@
+name: Dependabot
+
+"on": pull_request_target
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - uses: dependabot/fetch-metadata@v1.1.1
+        id: metadata
+        with:
+          github-token: "${{ secrets.GIT_ACTION_TOKEN }}"
+      - run: gh pr review --approve "$PR_URL"
+        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ secrets.GIT_ACTION_TOKEN }}
+      - run: gh pr merge --auto "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ secrets.GIT_ACTION_TOKEN }}
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@ -0,0 +1,26 @@
+name: Lint
+
+"on":
+  workflow_dispatch: {}
+  push:
+    branches: [main]
+  pull_request: {}
+
+jobs:
+
+  yaml:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.4.0
+      - uses: ibiqlik/action-yamllint@v3.1.0
+        with:
+          format: colored
+          strict: true
+
+  markdown:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.4.0
+      - uses: avto-dev/markdown-lint@v1.5.0
+        with:
+          args: /github/workspace
--- a/.github/workflows/pullrequest.yaml
+++ b/.github/workflows/pullrequest.yaml
@ -0,0 +1,26 @@
+name: PullRequest
+
+"on": pull_request
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.4.0
+      - uses: actions/setup-java@v3.0.0
+        with:
+          distribution: temurin
+          java-version: 11
+          cache: maven
+      - run: mvn -B dependency:go-offline
+      - run: mvn -B verify
+      - uses: dorny/test-reporter@v1.5.0
+        if: failure()
+        with:
+          name: surefire
+          path: '**/target/surefire-reports/*.xml,**/target/invoker-reports/*.xml'
+          reporter: java-junit
+          list-suites: failed
+          list-tests: failed
+          fail-on-error: false
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -1,22 +1,21 @@
 name: Release

-"on":
-  workflow_dispatch: {}
+"on": workflow_dispatch

 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.4.0
        with:
          token: ${{ secrets.GIT_ACTION_TOKEN }}
-      - uses: crazy-max/ghaction-import-gpg@v4
+      - uses: crazy-max/ghaction-import-gpg@v4.1.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
-      - uses: actions/setup-java@v2
+      - uses: actions/setup-java@v3.0.0
        with:
          distribution: temurin
          java-version: 11
--- a/.github/workflows/snapshot.yaml
+++ b/.github/workflows/snapshot.yaml
@ -2,32 +2,16 @@ name: Snapshot

 "on":
  workflow_dispatch: {}
-  push: {}
+  push:
+    branches: [main]
+    paths-ignore: ['**.md']

 jobs:
-
-  yaml:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ibiqlik/action-yamllint@v3
-        with:
-          format: colored
-          strict: true
-
-  markdown:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: docker://avtodev/markdown-lint:v1
-        with:
-          args: /github/workspace
-
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v2
+      - uses: actions/checkout@v2.4.0
+      - uses: actions/setup-java@v3.0.0
        with:
          distribution: temurin
          java-version: 11
@ -36,14 +20,11 @@ jobs:
          server-username: SERVER_USERNAME
          server-password: SERVER_PASSWORD
      - run: mvn -B dependency:go-offline
-      - run: mvn -B verify
-        if: github.ref != 'refs/heads/main'
      - run: mvn -B deploy
-        if: github.ref == 'refs/heads/main'
        env:
          SERVER_USERNAME: ${{ secrets.SONATYPE_NEXUS_USERNAME }}
          SERVER_PASSWORD: ${{ secrets.SONATYPE_NEXUS_PASSWORD }}
-      - uses: dorny/test-reporter@v1
+      - uses: dorny/test-reporter@v1.5.0
        if: failure()
        with:
          name: surefire
@ -51,3 +32,4 @@ jobs:
          reporter: java-junit
          list-suites: failed
          list-tests: failed
+          fail-on-error: false