Skip to content

[mqtt] Update common files for branch 4.0.x #126

[mqtt] Update common files for branch 4.0.x

[mqtt] Update common files for branch 4.0.x #126

Workflow file for this run

# WARNING: Do not edit this file directly. Instead, go to:
#
# https://github.com/micronaut-projects/micronaut-project-template/tree/master/.github/workflows
#
# and edit them there. Note that it will be sync'ed to all the Micronaut repos
name: Vulnerability Audit
on:
pull_request:
branches:
- '[0-9]+.[0-9]+.x'
paths:
- '**/*.gradle'
- '**/*.gradle.kts'
- 'gradle.properties'
- 'settings.gradle'
- 'settings.gradle.kts'
- 'gradle/libs.versions.toml'
- 'gradle/wrapper/**'
- 'buildSrc/**'
- 'gradle/**'
- '**/gradle.lockfile'
- '**/versions.lock'
- 'osv-scanner.toml'
- '.github/workflows/sonatype.yml'
- '.github/workflows/release.yml'
- '.github/scripts/vulnerability-audit.sh'
- '.github/scripts/vulnerability-audit-filter.py'
jobs:
audit:
if: github.repository != 'micronaut-projects/micronaut-project-template'
runs-on: ubuntu-latest
strategy:
matrix:
java: ['25']
env:
TESTCONTAINERS_RYUK_DISABLED: true
steps:
# https://github.com/actions/virtual-environments/issues/709
- name: Remove system JDKs
run: |
sudo rm -rf /usr/lib/jvm/*
unset JAVA_HOME
export PATH=$(echo "$PATH" | tr ':' '\n' | grep -v '/usr/lib/jvm' | paste -sd:)
- name: "πŸ—‘ Free disk space"
run: |
sudo rm -rf "/usr/local/share/boost"
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
sudo rm -rf "/opt/ghc"
sudo rm -rf "/usr/share/dotnet"
sudo rm -rf "/usr/local/lib/android"
sudo apt-get clean
df -h
- name: "πŸ“₯ Checkout repository"
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0
- name: "πŸ”§ Setup GraalVM CE"
uses: graalvm/setup-graalvm@6f3fa030c4b8f77c1f554a860f593a654538fa38 # v1
with:
distribution: 'graalvm'
java-version: ${{ matrix.java }}
github-token: ${{ secrets.GITHUB_TOKEN }}
native-image-job-reports: true
- name: "πŸ”§ Setup Gradle"
uses: gradle/actions/setup-gradle@3f131e8634966bd73d06cc69884922b02e6faf92 # v6
- name: "❓ Optional setup step"
run: |
[ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
- name: "πŸš” Vulnerability Audit"
if: matrix.java == '25'
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
DEVELOCITY_CACHE_USERNAME: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
DEVELOCITY_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
GH_TOKEN_PUBLIC_REPOS_READONLY: ${{ secrets.GH_TOKEN_PUBLIC_REPOS_READONLY }}
GH_USERNAME: ${{ secrets.GH_USERNAME }}
run: |
.github/scripts/vulnerability-audit.sh
- name: "❓ Optional cleanup step"
run: |
[ -f ./cleanup.sh ] && ./cleanup.sh || [ ! -f ./cleanup.sh ]