separate workflow files; edit checker to properly check metadata for cvss

2025-03-27 10:25:59 -07:00 · 2025-03-27 10:25:59 -07:00 · 8a3354bdb6
commit 8a3354bdb6
parent 452fc4773e
2 changed files with 64 additions and 18 deletions
--- a/.github/workflows/DependabotAutoMerge.yml
+++ b/.github/workflows/DependabotAutoMerge.yml
@ -0,0 +1,32 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.metadata.outputs.cvss < 1
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@ -6,27 +6,41 @@
 # separate terms of service, privacy policy, and support
 # documentation.

-name: Dependabot auto-merge
-on: pull_request
+name: Java CI with Maven

-permissions:
-  contents: write
-  pull-requests: write
+on:
+  push:
+    branches:
+      - "master"
+  pull_request:
+    branches:
+      - "master"

 jobs:
-  dependabot:
+  build:
+
    runs-on: ubuntu-latest
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
+
    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v2
+      - uses: actions/checkout@v4
+      - name: Set up JDK 8
+        uses: actions/setup-java@v4
        with:
-          alert-lookup: true
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
-        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss < 1
-        run: gh pr merge --auto --merge "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          java-version: '8'
+          distribution: 'corretto'
+      - name: Build with Maven
+        run: mvn -B package --file pom.xml -DskipITs
+
+  backwards-compatible-check:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 8
+        uses: actions/setup-java@v4
+        with:
+          java-version: '8'
+          distribution: 'corretto'
+      - name: Check backwards compatibility of changes
+        run: .github/scripts/backwards_compatibility_check.sh