amended pom for active support and added to security action

dvsa · May 9, 2024 · 78a0aab · 78a0aab
1 parent 2661028
commit 78a0aab
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 8 deletions.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -32,7 +32,11 @@ jobs:
           with:
             distribution: "corretto"
             java-version: "11"
-            cache: maven    
+            cache: maven  
+        - uses: whelk-io/maven-settings-xml-action@v22
+          with:
+            servers: '[{ "id":"github-vol-active-support", "configuration": { "httpHeaders": { "property": { "name":"Authorization", "value":"Bearer ${{ secrets.GITHUB_TOKEN }}"} } } } ]'
+
         - run: snyk test --severity-threshold=${{ inputs.severity-threshold || 'high' }} -- -P github 
           env:
             SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
         <nexus.releases>https://nexus.olcs.dev-dvsacloud.uk/repository/maven-releases</nexus.releases>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.version>3.8.1</maven.compiler.version>
-        <active-support.version>2.0.1.7</active-support.version>
+        <active-support.version>2.0.1.10</active-support.version>
         <axe-selenium-version>4.8.0</axe-selenium-version>
         <!--suppress UnresolvedMavenProperty -->
         <rules.scan>${rules}</rules.scan>
@@ -24,12 +24,26 @@
         <github.url>https://maven.pkg.github.com/dvsa/vol-accessibility-lib</github.url>
     </properties>
 
-    <repositories>
-        <repository>
-            <id>maven-releases</id>
-            <url>${nexus.releases}</url>
-        </repository>
-    </repositories>
+    <profiles>
+        <profile>
+            <id>github</id>
+            <repositories>
+                <repository>
+                    <id>central</id>
+                    <url>https://repo1.maven.org/maven2</url>
+                    <releases><enabled>true</enabled></releases>
+                    <snapshots><enabled>true</enabled></snapshots>
+                </repository>
+                <repository>
+                    <id>github-vol-active-support</id>
+                    <name>GitHub dvsa Apache Maven Packages</name>
+                    <url>https://maven.pkg.github.com/dvsa/vol-active-support</url>
+                    <snapshots><enabled>true</enabled></snapshots>
+                    <releases><enabled>true</enabled></releases>
+                </repository>
+            </repositories>
+        </profile>
+    </profiles>
 
     <build>
         <extensions>