diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml new file mode 100644 index 0000000..44bf846 --- /dev/null +++ b/.github/workflows/code-scanning.yml @@ -0,0 +1,53 @@ +name: Code scanning + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: '33 19 * * *' + +jobs: + static-analysis: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Java JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: temurin + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + - name: Run Detekt & Lint + continue-on-error: true + run: ./gradlew detektMetadataMain lint --continue + - name: Upload SARIF binary + uses: actions/upload-artifact@v4 + with: + name: sarif-reports + path: '**/*.sarif' + + upload-results: + needs: static-analysis + runs-on: ubuntu-latest + permissions: + security-events: write + strategy: + matrix: + path: + - capacity + - percentage + - temperature + steps: + - name: Download scan results + uses: actions/download-artifact@v4 + with: + name: sarif-reports + - uses: github/codeql-action/upload-sarif@v3 + continue-on-error: true + with: + sarif_file: ${{ matrix.path }}/ + category: ${{ matrix.path }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..a592abb --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,93 @@ +name: Publish + +on: + workflow_dispatch: + +jobs: + publish-github: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Java JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: temurin + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + - name: Build + run: ./gradlew publishAllPublicationsToGithubRepository --scan + env: + PUBLISHING: true + ORG_GRADLE_PROJECT_githubUsername: boswelja + ORG_GRADLE_PROJECT_githubToken: ${{ secrets.GITHUB_TOKEN }} + ORG_GRADLE_PROJECT_ossrhUsername: ${{ secrets.OSSRH_USERNAME }} + ORG_GRADLE_PROJECT_ossrhPassword: ${{ secrets.OSSRH_PASSWORD }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }} + + publish-oss: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Java JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: temurin + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + - name: Build + run: ./gradlew publishAllPublicationsToOssRepository --scan + env: + PUBLISHING: true + ORG_GRADLE_PROJECT_githubUsername: boswelja + ORG_GRADLE_PROJECT_githubToken: ${{ secrets.GITHUB_TOKEN }} + ORG_GRADLE_PROJECT_ossrhUsername: ${{ secrets.OSSRH_USERNAME }} + ORG_GRADLE_PROJECT_ossrhPassword: ${{ secrets.OSSRH_PASSWORD }} + ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }} + ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }} + + upload-pages: + runs-on: ubuntu-latest + needs: + - publish-github + - publish-oss + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup Java JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: temurin + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + - name: Build + run: ./gradlew dokkaHtmlMultiModule + - name: Upload Pages Artifact + uses: actions/upload-pages-artifact@v3 + with: + path: "build/dokka/htmlMultiModule/" + + deploy-pages: + runs-on: ubuntu-latest + needs: upload-pages + permissions: + pages: write + id-token: write + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 diff --git a/.idea/detekt.xml b/.idea/detekt.xml index ee7289c..db63476 100644 --- a/.idea/detekt.xml +++ b/.idea/detekt.xml @@ -1,6 +1,11 @@ +