feat(119): Update Github workflows (#224)

Signed-off-by: SaintierFr <[email protected]>

Author: SaintierFr

.github/dependabot.yml

@@ -0,0 +1,41 @@
+# SPDX-FileCopyrightText: 2021 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+version: 2
+
+registries:
+  maven-github:
+    type: maven-repository
+    url: https://maven.pkg.github.com/com-pas/*
+    username: OWNER
+    password: ${{ secrets.DB_GITHUB_PACKAGES }}
+
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    registries:
+      - maven-github
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    ignore:
+      # Next dependencies shouldn't be upgrade automatically, because they need to update associated code
+      - dependency-name: com.sun.xml.bind:jaxb-impl
+        versions: [ "[2.3.3,)" ]
+      - dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
+        versions: [ "[2.3.3,)" ]
+      - dependency-name: org.glassfish.jaxb:jaxb-runtime
+        versions: [ "[2.3.1,)" ]
+      - dependency-name: jakarta.annotation:jakarta.annotation-api
+        versions: [ "[1.3.5,)" ]
+      - dependency-name: org.codehaus.mojo:jaxb2-maven-plugin
+        versions: [ "[2.5.0,)" ]

.github/workflows/automate_projects.yml

@@ -13,30 +13,31 @@ jobs:
     if: ${{ (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }}
     steps:
       - name: add-new-issues-to-repository-based-project-column
-        uses: docker://takanabe/github-actions-automate-projects:v0.0.1
         if: github.event_name == 'issues' && github.event.action == 'opened'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_PROJECT_URL: https://github.com/com-pas/compas-sct/projects/1
-          GITHUB_PROJECT_COLUMN_NAME: To do
+        uses: alex-page/[email protected]
+        with:
+          project: CoMPAS SCT Board
+          column: To do
+          repo-token: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}
       - name: add-new-pull-request-to-repository-based-project-column
-        uses: docker://takanabe/github-actions-automate-projects:v0.0.1
         if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && github.event.action == 'opened'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_PROJECT_URL: https://github.com/com-pas/compas-sct/projects/1
-          GITHUB_PROJECT_COLUMN_NAME: To do
+        uses: alex-page/[email protected]
+        with:
+          project: CoMPAS SCT Board
+          column: To do
+          repo-token: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}
+
       - name: add-new-issues-to-organization-based-project-column
-        uses: docker://takanabe/github-actions-automate-projects:v0.0.1
         if: github.event_name == 'issues' && github.event.action == 'opened'
-        env:
-          GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}
-          GITHUB_PROJECT_URL: https://github.com/orgs/com-pas/projects/1
-          GITHUB_PROJECT_COLUMN_NAME: To do
+        uses: alex-page/[email protected]
+        with:
+          project: CoMPAS Issues Overview Board
+          column: To do
+          repo-token: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}
       - name: add-new-pull-request-to-organization-based-project-column
-        uses: docker://takanabe/github-actions-automate-projects:v0.0.1
         if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && github.event.action == 'opened'
-        env:
-          GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}
-          GITHUB_PROJECT_URL: https://github.com/orgs/com-pas/projects/2
-          GITHUB_PROJECT_COLUMN_NAME: To do
+        uses: alex-page/[email protected]
+        with:
+          project: CoMPAS Pull Request Overview Board
+          column: To do
+          repo-token: ${{ secrets.ORG_GITHUB_ACTION_SECRET }}

.github/workflows/build-project.yml

@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2021 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Build Project
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - 'main'
+      - 'develop'
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '17'
+
+      - name: Create custom Maven Settings.xml
+        uses: whelk-io/maven-settings-xml-action@v21
+        with:
+          output_file: custom_maven_settings.xml
+          servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
+      - name: Build with Maven
+        run: mvn -s custom_maven_settings.xml -B clean verify

.github/workflows/release-project.yml

@@ -15,19 +15,23 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+
       - name: Extract tag name
         id: extract_tagname
         shell: bash
         # Extra the tagname form the git reference, value of GITHUB_REF will be something like refs/tags/<tag_name>.
         run: echo "##[set-output name=tagname;]$(echo ${GITHUB_REF##*/})"
+
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
           distribution: 'zulu'
           java-version: '17'
+
       - name: Create custom Maven Settings.xml
-        uses: whelk-io/maven-settings-xml-action@v20
+        uses: whelk-io/maven-settings-xml-action@v21
         with:
           output_file: custom_maven_settings.xml
           servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'

.github/workflows/reuse.yml

@@ -10,6 +10,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Checkout
+      uses: actions/checkout@v3
     - name: REUSE Compliance Check
       uses: fsfe/reuse-action@v1

.github/workflows/sonarcloud-analysis.yml

@@ -10,39 +10,67 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    if: ${{ (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - name: Set up JDK 17
-        uses: actions/setup-java@v3
-        with:
-          distribution: 'zulu'
-          java-version: '17'
+
       - name: Cache SonarCloud packages
         uses: actions/cache@v3
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
+
       - name: Cache Maven packages
         uses: actions/cache@v3
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'zulu'
+          java-version: '17'
+
+      - name: Set Common Sonar Variables
+        id: sonar_env
+        run: |
+          echo "##[set-output name=sonar_opts;]$(echo -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.projectKey=com-pas_compas-core \
+            -Dsonar.organization=com-pas )"
       - name: Create custom Maven Settings.xml
-        uses: whelk-io/maven-settings-xml-action@v18
+        uses: whelk-io/maven-settings-xml-action@v21
         with:
           output_file: custom_maven_settings.xml
           servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]'
-      - name: Build and analyze
+
+      - name: Build and analyze (Pull Request)
+        if: ${{ github.event_name == 'pull_request' || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          mvn -B -s custom_maven_settings.xml \
+            ${{ steps.sonar_env.outputs.sonar_opts }} \
+            -Dsonar.pullrequest.branch=${{ github.ref_name }} \
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \
+            -Dsonar.pullrequest.base=${{ github.base_ref }} \
+            -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \
+            clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+      - name: Build and analyze (Push)
+        if: ${{ github.event_name == 'push' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
           mvn -B -s custom_maven_settings.xml \
-            -Dsonar.projectKey=com-pas_compas-sct \
-            -Dsonar.organization=com-pas \
-            -Dsonar.host.url=https://sonarcloud.io \
-            verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ${{ steps.sonar_env.outputs.sonar_opts }} \
+            -Dsonar.branch.name=${{ github.ref_name }} \
+            clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar