diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index a2e7eca..8564013 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -25,6 +25,10 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: 'lts/*'
+ - name: Set up Maven
+ uses: stCarolas/setup-maven@v5
+ with:
+ maven-version: 3.9.9
- name: check Sonar pre-conditions
id: check_sonar
continue-on-error: true
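Review bot: The added `Set up Maven` step references a third-party action by a mutable tag, `stCarolas/setup-maven@v5`, and that action installs the `mvn` binary which the later `Build with Sonar` step runs with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment. Anyone able to move the tag therefore controls code that executes next to those secrets. Pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: stCarolas/setup-maven@<full-commit-sha> # v5` (placeholder; take the SHA from the release you reviewed). The same step is added in `codeql-analysis.yml`, and the unchanged `sonarsource/sonarqube-quality-gate-action@master` in the next hunk tracks a branch, which is weaker still. The step list continues outside this hunk.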
@@ -35,15 +39,15 @@ jobs:
shell: bash
- name: Build with Sonar
id: build_sonar
- if: matrix.java == '17' && steps.check_sonar.outcome == 'success' && !startsWith(github.head_ref, 'dependabot/')
+ if: matrix.java == 17 && steps.check_sonar.outcome == 'success' && !startsWith(github.head_ref, 'dependabot/')
env:
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
SONAR_ORGANIZATION: ${{ secrets.SONARCLOUD_ORGANIZATION }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: mvn -B -e -X clean test verify package sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.projectKey=org.jenkins-ci.plugins:dependency-track -Dsonar.organization=$SONAR_ORGANIZATION -Dsonar.token=$SONAR_TOKEN
+ run: mvn -B -T 1C package sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.projectKey=org.jenkins-ci.plugins:dependency-track -Dsonar.organization=$SONAR_ORGANIZATION -Dsonar.token=$SONAR_TOKEN
- name: Build without Sonar
if: steps.build_sonar.conclusion == 'skipped'
- run: mvn -B -e -X clean test verify package
+ run: mvn -B -T 1C package
- name: Sonar Quality Gate check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@master
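Review bot: Both build commands now stop at `package`, whereas the old ones ran `verify`, so anything the POM binds to the `integration-test` or `verify` phases no longer runs in CI. Those bindings are not visible in this diff; if static-analysis or coverage checks are attached there, `run: mvn -B -T 1C verify` keeps them while still dropping the `-X` debug output. Separately, the Sonar command still passes the token as `-Dsonar.token=$SONAR_TOKEN`, which places it on the process command line. Since `SONAR_TOKEN` is already exported through `env`, the scanner should be able to read it from there without the flag; confirm this against the scanner version in use.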
@@ -54,7 +58,7 @@ jobs:
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
SONAR_ORGANIZATION: ${{ secrets.SONARCLOUD_ORGANIZATION }}
- uses: actions/upload-artifact@v4
- if: matrix.java == '17' && success()
+ if: matrix.java == 17 && success()
with:
path: target/dependency-track.hpi
name: dependency-track.hpi
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0ee340a..ed8073e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
- java: [11]
+ java: [17]
steps:
- name: Checkout repository
@@ -43,15 +43,19 @@ jobs:
if: matrix.language == 'java'
with:
java-version: ${{ matrix.java }}
- distribution: 'temurin'
+ distribution: 'zulu'
+ cache: 'maven'
- - name: Cache Maven packages
- uses: actions/cache@v4
+ - name: Set up Maven
+ uses: stCarolas/setup-maven@v5
if: matrix.language == 'java'
with:
- path: ~/.m2
- key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
- restore-keys: ${{ runner.os }}-m2
+ maven-version: 3.9.9
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 'lts/*'
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
diff --git a/pom.xml b/pom.xml
index 0d804ac..f3efd46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -368,6 +368,19 @@
org.apache.maven.plugins
maven-enforcer-plugin
+
+ enforce-maven
+
+ enforce
+
+
+
+
+ [3.9.6,)
+
+
+
+
enforce npm-managed files exists
@@ -558,14 +571,14 @@
repo.jenkins-ci.org
- https://repo.jenkins-ci.org/public/
+ https://repo.jenkins-ci.org/releases/
repo.jenkins-ci.org
- https://repo.jenkins-ci.org/public/
+ https://repo.jenkins-ci.org/releases/