separate workflow files; edit checker to properly check metadata for cvss

.github/workflows/DependabotAutoMerge.yml

@@ -0,0 +1,32 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.metadata.outputs.cvss < 1
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/maven.yml

@@ -6,27 +6,41 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: Dependabot auto-merge
+name: Java CI with Maven
-on: pull_request
 
-permissions:
+on:
-  contents: write
+  push:
-  pull-requests: write
+    branches:
+      - "master"
+  pull_request:
+    branches:
+      - "master"
 
 jobs:
-  dependabot:
+  build:
+
     runs-on: ubuntu-latest
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
+
     steps:
-      - name: Dependabot metadata
+      - uses: actions/checkout@v4
-        id: metadata
+      - name: Set up JDK 8
-        uses: dependabot/fetch-metadata@v2
+        uses: actions/setup-java@v4
         with:
-          alert-lookup: true
+          java-version: '8'
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          distribution: 'corretto'
-      - name: Enable auto-merge for Dependabot PRs
+      - name: Build with Maven
-        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss < 1
+        run: mvn -B package --file pom.xml -DskipITs
-        run: gh pr merge --auto --merge "$PR_URL"
+
-        env:
+  backwards-compatible-check:
-          PR_URL: ${{github.event.pull_request.html_url}}
+
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 8
+        uses: actions/setup-java@v4
+        with:
+          java-version: '8'
+          distribution: 'corretto'
+      - name: Check backwards compatibility of changes
+        run: .github/scripts/backwards_compatibility_check.sh