Link fugerit-org/psychic-actions/maven-build-scan stable

fugerit79 · fugerit79 · commit 230d8938786e · 2024-02-23T08:52:20.000+01:00
diff --git a/.github/workflows/build_maven_package.yml b/.github/workflows/build_maven_package.yml
@@ -1,6 +1,6 @@
 # CI with maven build and scan
 #
-# version 1.0.1
+# version 1.1.0
 #
 # see : https://universe.fugerit.org/src/docs/conventions/workflows/build_maven_package.html
 
@@ -25,48 +25,8 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@main
+      - uses: fugerit-org/psychic-actions/maven-build-scan@stable
         with:
-          # Shallow clones should be disabled for a better relevancy of analysis
-          fetch-depth: 0
-      - name: Set up JDK 17
-        uses: actions/setup-java@main
-        with:
-          java-version: '17'
-          distribution: 'corretto'
-          cache: 'maven'
-      - name: Cache Maven packages
-        uses: actions/cache@main
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-      - name: Cache SonarCloud packages
-        uses: actions/cache@main
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-      - uses: actions/setup-node@main
-        with:
-          node-version: 20
-      - name: Maven version
-        run: mvn -v
-        env:
-          # Needed to get some information about the pull request, if any
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      - name: Build and analyze
-        run: mvn -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage,full,metadata,sonarfugerit,buildreact -Dsonar.projectKey=fugerit-org_${{github.event.repository.name}}
-        env:
-          # Needed to get some information about the pull request, if any
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-      # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
-      - name: Update dependency graph
-        # if DISABLE_MAVEN_DEPENDENCY_SUBMISSION is set to true, skip this step
-        if: ${{ vars.DISABLE_MAVEN_DEPENDENCY_SUBMISSION != 'true' }}
-        uses: advanced-security/maven-dependency-submission-action@main
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          sonar-token: ${{ secrets.SONAR_TOKEN }}
+          disable-maven-dependency-submission: ${{ vars.DISABLE_MAVEN_DEPENDENCY_SUBMISSION }}
