* add gh action, dependabot and release-drafter and get rid of travis * move owasp check in a separate profile Signed-off-by: Olivier Lamy <olamy@apache.org>pull/73/head
@@ -31,5 +31,13 @@ updates: | |||
- package-ecosystem: "github-actions" | |||
directory: "/" | |||
target-branch: "archiva-2.x" | |||
schedule: | |||
interval: "daily" | |||
- package-ecosystem: "github-actions" | |||
directory: "/" | |||
target-branch: "master" | |||
schedule: | |||
interval: "daily" | |||
@@ -16,3 +16,4 @@ | |||
# under the License. | |||
_extends: archiva-parent | |||
tag-template: archiva-$NEXT_MINOR_VERSION |
@@ -0,0 +1,48 @@ | |||
# Licensed to the Apache Software Foundation (ASF) under one | |||
# or more contributor license agreements. See the NOTICE file | |||
# distributed with this work for additional information | |||
# regarding copyright ownership. The ASF licenses this file | |||
# to you under the Apache License, Version 2.0 (the | |||
# "License"); you may not use this file except in compliance | |||
# with the License. You may obtain a copy of the License at | |||
# | |||
# http://www.apache.org/licenses/LICENSE-2.0 | |||
# | |||
# Unless required by applicable law or agreed to in writing, | |||
# software distributed under the License is distributed on an | |||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
# KIND, either express or implied. See the License for the | |||
# specific language governing permissions and limitations | |||
# under the License. | |||
name: GitHub CI | |||
on: | |||
push: | |||
pull_request: | |||
jobs: | |||
build: | |||
strategy: | |||
matrix: | |||
os: [ubuntu-latest] | |||
java: [8, 11] | |||
fail-fast: false | |||
runs-on: ${{ matrix.os }} | |||
steps: | |||
- name: Checkout | |||
uses: actions/checkout@v2 | |||
- name: Set up JDK | |||
uses: actions/setup-java@v2.3.1 | |||
with: | |||
distribution: temurin | |||
java-version: ${{ matrix.java }} | |||
cache: 'maven' | |||
- name: Build with Maven | |||
run: mvn -e -B -V install -Pci-build -T2 |
@@ -14,16 +14,16 @@ | |||
# KIND, either express or implied. See the License for the | |||
# specific language governing permissions and limitations | |||
# under the License. | |||
name: Release Drafter | |||
on: | |||
push: | |||
branches: | |||
- master | |||
- archiva-2.x | |||
jobs: | |||
update_release_draft: | |||
runs-on: ubuntu-latest | |||
steps: | |||
- uses: release-drafter/release-drafter@v5.18.1 | |||
- uses: release-drafter/release-drafter@v5 | |||
env: | |||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
@@ -1,17 +0,0 @@ | |||
language: java | |||
dist: xenial | |||
jdk: | |||
- openjdk8 | |||
install: "mvn clean install -DskipTests=true -B -V -Pci-build" | |||
script: "mvn clean install -B -V -Pci-build" | |||
cache: | |||
directories: | |||
- $HOME/.m2 | |||
branches: | |||
except: | |||
- gh-pages | |||
@@ -149,7 +149,7 @@ pipeline { | |||
{ | |||
sh "chmod 755 ./src/ci/scripts/prepareWorkspace.sh" | |||
sh "./src/ci/scripts/prepareWorkspace.sh" | |||
sh "mvn clean install -U -B -e -fae -Dorg.slf4j.simpleLogger.showThreadName=true -Dmaven.compiler.fork=true -Pci-build -T${THREADS}" | |||
sh "mvn clean install -U -B -e -fae -Dorg.slf4j.simpleLogger.showThreadName=true -Pci-build -T${THREADS}" | |||
} | |||
} | |||
} |
@@ -840,30 +840,6 @@ | |||
</systemPropertyVariables> | |||
</configuration> | |||
</plugin> | |||
<plugin> | |||
<groupId>org.owasp</groupId> | |||
<artifactId>dependency-check-maven</artifactId> | |||
<version>6.0.4</version> | |||
<configuration> | |||
<skipProvidedScope>true</skipProvidedScope> | |||
<failBuildOnCVSS>8</failBuildOnCVSS> | |||
<suppressionFile>${project.basedir}/src/main/resources/META-INF/owasp/cve-suppressions.xml</suppressionFile> | |||
<ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled> | |||
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled> | |||
<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled> | |||
</configuration> | |||
<executions> | |||
<execution> | |||
<goals> | |||
<goal>check</goal> | |||
</goals> | |||
</execution> | |||
</executions> | |||
</plugin> | |||
</plugins> | |||
</build> | |||
@@ -874,6 +850,33 @@ | |||
<archiva.repositorySessionFactory.id>cassandra</archiva.repositorySessionFactory.id> | |||
</properties> | |||
</profile> | |||
<profile> | |||
<id>owasp</id> | |||
<build> | |||
<plugins> | |||
<plugin> | |||
<groupId>org.owasp</groupId> | |||
<artifactId>dependency-check-maven</artifactId> | |||
<version>6.0.4</version> | |||
<configuration> | |||
<skipProvidedScope>true</skipProvidedScope> | |||
<failBuildOnCVSS>8</failBuildOnCVSS> | |||
<suppressionFile>${project.basedir}/src/main/resources/META-INF/owasp/cve-suppressions.xml</suppressionFile> | |||
<ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled> | |||
<assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled> | |||
<nodeAnalyzerEnabled>false</nodeAnalyzerEnabled> | |||
</configuration> | |||
<executions> | |||
<execution> | |||
<goals> | |||
<goal>check</goal> | |||
</goals> | |||
</execution> | |||
</executions> | |||
</plugin> | |||
</plugins> | |||
</build> | |||
</profile> | |||
</profiles> | |||
</project> |
@@ -2179,17 +2179,17 @@ | |||
<enabled>true</enabled> | |||
</snapshots> | |||
</repository> | |||
<repository> | |||
<id>jetty.snapshots</id> | |||
<name>Jetty Snapshots</name> | |||
<url>https://oss.sonatype.org/content/repositories/jetty-snapshots/</url> | |||
<releases> | |||
<enabled>false</enabled> | |||
</releases> | |||
<snapshots> | |||
<enabled>true</enabled> | |||
</snapshots> | |||
</repository> | |||
<!-- <repository>--> | |||
<!-- <id>jetty.snapshots</id>--> | |||
<!-- <name>Jetty Snapshots</name>--> | |||
<!-- <url>https://oss.sonatype.org/content/repositories/jetty-snapshots/</url>--> | |||
<!-- <releases>--> | |||
<!-- <enabled>false</enabled>--> | |||
<!-- </releases>--> | |||
<!-- <snapshots>--> | |||
<!-- <enabled>true</enabled>--> | |||
<!-- </snapshots>--> | |||
<!-- </repository>--> | |||
</repositories> | |||
<pluginRepositories> | |||
<pluginRepository> | |||
@@ -2203,16 +2203,16 @@ | |||
<enabled>true</enabled> | |||
</snapshots> | |||
</pluginRepository> | |||
<pluginRepository> | |||
<id>jetty.snapshots</id> | |||
<name>Jetty Snapshots</name> | |||
<url>https://oss.sonatype.org/content/repositories/jetty-snapshots/</url> | |||
<releases> | |||
<enabled>false</enabled> | |||
</releases> | |||
<snapshots> | |||
<enabled>true</enabled> | |||
</snapshots> | |||
</pluginRepository> | |||
<!-- <pluginRepository>--> | |||
<!-- <id>jetty.snapshots</id>--> | |||
<!-- <name>Jetty Snapshots</name>--> | |||
<!-- <url>https://oss.sonatype.org/content/repositories/jetty-snapshots/</url>--> | |||
<!-- <releases>--> | |||
<!-- <enabled>false</enabled>--> | |||
<!-- </releases>--> | |||
<!-- <snapshots>--> | |||
<!-- <enabled>true</enabled>--> | |||
<!-- </snapshots>--> | |||
<!-- </pluginRepository>--> | |||
</pluginRepositories> | |||
</project> |