Gerrit Composed CLM Scan #17
---
# SPDX-License-Identifier: Apache-2.0
# SPDX-FileCopyrightText: 2026 The Linux Foundation

# Builds a Gerrit project with Maven and runs the Sonatype CLM `index` goal.
# Two triggers: a manual dispatch that carries the GERRIT_* inputs of one
# change, and a weekly schedule that falls back to refs/heads/master.
# Dispatched runs also send a start comment and the final conclusion to
# Gerrit.
#
# NOTE(review): no `permissions:` key appears in this file, so GITHUB_TOKEN
# keeps the repository/organization default scopes. Consider an explicit
# least-privilege block once the token needs of each action are confirmed.
name: Gerrit Composed CLM Scan

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
    # All inputs are caller-supplied strings. In this file they are only
    # passed to actions through `with:` and to the concurrency group, never
    # expanded inside a `run:` script; keep it that way so that input text
    # is not parsed by the shell.
    inputs:
      GERRIT_BRANCH:
        description: "Branch that change is against"
        required: true
        type: string
      GERRIT_CHANGE_ID:
        description: "The ID for the change"
        required: true
        type: string
      GERRIT_CHANGE_NUMBER:
        description: "The Gerrit number"
        required: true
        type: string
      GERRIT_CHANGE_URL:
        description: "URL to the change"
        required: true
        type: string
      GERRIT_EVENT_TYPE:
        description: "Type of Gerrit event"
        required: true
        type: string
      GERRIT_PATCHSET_NUMBER:
        description: "The patch number for the change"
        required: true
        type: string
      GERRIT_PATCHSET_REVISION:
        description: "The revision sha"
        required: true
        type: string
      GERRIT_PROJECT:
        description: "Project in Gerrit"
        required: true
        type: string
      GERRIT_REFSPEC:
        description: "Gerrit refspec of change"
        required: true
        type: string
  schedule:
    # Run weekly on Saturdays at 06:58 UTC
    - cron: "58 6 * * 6"

concurrency:
  # One group per branch and change, so a newer dispatch for the same change
  # cancels the older run. When GERRIT_CHANGE_ID is empty the expression
  # falls back to the run id, which makes the group unique to that run.
  # yamllint disable-line rule:line-length
  group: composed-clm-scan-${{ github.workflow }}-${{ github.event.inputs.GERRIT_BRANCH }}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
  cancel-in-progress: true

jobs:
  # Sends a comment-only review to the Gerrit change when a dispatched run
  # starts. The `if:` skips this job for scheduled runs.
  notify:
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'workflow_dispatch' }}
    steps:
      - name: Notify job start
        # Third-party action pinned to a full commit SHA; the trailing tag is
        # only a label. Re-check that the SHA matches the tag when bumping.
        # The step receives the Gerrit SSH private key from the secrets
        # context and the expected host keys from `vars`.
        # yamllint disable-line rule:line-length
        uses: lfit/gerrit-review-action@a5de1d5bf17c2603ae81544dc2a455017b454ec8 # v1.1.1
        with:
          host: ${{ vars.GERRIT_SERVER }}
          username: ${{ vars.GERRIT_SSH_USER }}
          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
          vote-type: clear
          comment-only: true
      - name: Allow replication
        # NOTE(review): fixed 10 s pause; presumably waits for the change to
        # replicate before checkout. Confirm it is still needed.
        run: sleep 10s

  # Checks out the change (or refs/heads/master when no refspec input is
  # set), then builds and indexes it. `always()` is needed because `notify`
  # is skipped on scheduled runs, and a skipped dependency would otherwise
  # skip this job as well.
  run-maven-clm:
    runs-on: ubuntu-latest
    if: ${{ always() && (needs.notify.result == 'success' || github.event_name == 'schedule') }}
    needs: [notify]
    steps:
      - name: Gerrit Checkout
        # The refspec and project come from dispatch inputs, so the
        # workspace holds code from the change under review. Treat every
        # later step in this job as running change-controlled content.
        # yamllint disable-line rule:line-length
        uses: lfreleng-actions/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
        with:
          gerrit-refspec: ${{ inputs.GERRIT_REFSPEC || 'refs/heads/master' }}
          gerrit-project: ${{ inputs.GERRIT_PROJECT || github.repository }}
          gerrit-url: ${{ vars.GERRIT_URL }}
          delay: "0s"
      - name: Setup Java
        uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
        with:
          distribution: temurin
          java-version: "21"
      - name: Setup Maven
        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
        with:
          maven-version: "3.9.5"
      - name: Run Maven Nexus IQ Scan
        # NOTE(review): `mvn clean install` runs the plugins and tests
        # declared by the checked-out change, and NEXUS_IQ_PASSWORD is
        # present in the environment of that same process. The command
        # below does not reference the variable; confirm whether the
        # `index` goal needs it, and if not, drop it from this step or
        # supply it only to a later step that runs no project code.
        env:
          NEXUS_IQ_PASSWORD: ${{ secrets.NEXUS_IQ_PASSWORD }}
          # Opens java.util in java.base to unnamed-module (class path) code.
          MAVEN_OPTS: "--add-opens=java.base/java.util=ALL-UNNAMED"
        run: |
          # yamllint disable rule:line-length
          mvn clean install dependency:tree com.sonatype.clm:clm-maven-plugin:2.41.0-02:index \
            -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
            -Dmaven.repo.local=/tmp/r \
            -Dorg.ops4j.pax.url.mvn.localRepository=/tmp/r \
            -DaltDeploymentRepository=staging::default::file:"${GITHUB_WORKSPACE}"/m2repo

  # Sends the overall result back to Gerrit for dispatched runs. `always()`
  # keeps the job running even when an earlier job failed or was cancelled.
  report-status:
    if: ${{ always() && github.event_name == 'workflow_dispatch' }}
    needs: [notify, run-maven-clm]
    runs-on: ubuntu-latest
    steps:
      - name: Get workflow conclusion
        # Presumably exports WORKFLOW_CONCLUSION, which the next step reads
        # through `env`; confirm against the action's documentation.
        # yamllint disable-line rule:line-length
        uses: im-open/workflow-conclusion@8eac7f17381a6917bc04fec3e2c92e70ebc37526 # v3.0.0
      - name: Report workflow conclusion
        # Same pinned action and SSH credentials as the `notify` job; here
        # the vote type is taken from the workflow conclusion.
        # yamllint disable-line rule:line-length
        uses: lfit/gerrit-review-action@a5de1d5bf17c2603ae81544dc2a455017b454ec8 # v1.1.1
        with:
          host: ${{ vars.GERRIT_SERVER }}
          username: ${{ vars.GERRIT_SSH_USER }}
          key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
          known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
          gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
          gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
          vote-type: ${{ env.WORKFLOW_CONCLUSION }}
          comment-only: true