Workflow review and transition to node 20

fugerit-org/fj-universe#29

Author: fugerit79

.github/workflows/build_maven_compatibility.yml

@@ -1,10 +1,8 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+# CI maven compatibility check
+#
+# version 1.0.0
+#
+# see : https://universe.fugerit.org/src/docs/conventions/workflows/build_maven_compatibility.html
 
 name: CI maven compatibility check
 
@@ -13,21 +11,21 @@ on:
   # a pull request.
   push:
     branches:
-      - develop
+      - branch-compatibility
 
 jobs:
   check-main:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         distribution: [ 'corretto' ]
-        java: [ '11', '17' ]
+        java: [ '11', '17', '21' ]
         os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
     name: Java ${{ matrix.os }} ${{ matrix.java }} (${{ matrix.distribution }}) compatibility check
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
       - name: Setup java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@main
         with:
           distribution: ${{ matrix.distribution }}
           java-version: ${{ matrix.java }}
@@ -42,9 +40,9 @@ jobs:
         os: [ 'ubuntu-latest' ]
     name: Java ${{ matrix.os }} ${{ matrix.java }} (${{ matrix.distribution }}) compatibility check
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
       - name: Setup java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@main
         with:
           distribution: ${{ matrix.distribution }}
           java-version: ${{ matrix.java }}
@@ -55,13 +53,13 @@ jobs:
     strategy:
       matrix:
         distribution: [ 'microsoft' ]
-        java: [ '11', '17' ]
+        java: [ '17' ]
         os: [ 'windows-latest' ]
     name: Java ${{ matrix.os }} ${{ matrix.java }} (${{ matrix.distribution }}) compatibility check
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
       - name: Setup java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@main
         with:
           distribution: ${{ matrix.distribution }}
           java-version: ${{ matrix.java }}

.github/workflows/build_maven_package.yml

@@ -1,20 +1,19 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+# CI with maven build and scan
+#
+# version 1.0.0
+#
+# see : https://universe.fugerit.org/src/docs/conventions/workflows/build_maven_package.html
 
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: CI maven build and sonar cloud scan
+name: CI maven build and scan
 
 on:
   # Trigger analysis when pushing in master or pull requests, and when creating
   # a pull request.
   push:
     branches:
       - main
-      - branch-sonarcloud
+      - develop
+      - branch-preview
   pull_request:
     types:
       - opened
@@ -26,28 +25,31 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@main
         with:
           # Shallow clones should be disabled for a better relevancy of analysis
           fetch-depth: 0
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@main
         with:
           java-version: '17'
           distribution: 'corretto'
           cache: 'maven'
       - name: Cache Maven packages
-        uses: actions/cache@v1
+        uses: actions/cache@main
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@main
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
+      - uses: actions/setup-node@main
+        with:
+          node-version: 20
       - name: Maven version
         run: mvn -v
         env:
@@ -63,6 +65,6 @@ jobs:
           # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
-    # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+      # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
       - name: Update dependency graph
-        uses: advanced-security/maven-dependency-submission-action@v3.0.2
+        uses: advanced-security/maven-dependency-submission-action@main

.github/workflows/codeql-analysis.yml

@@ -1,14 +1,15 @@
+# CodeQL
+#
+# version 1.0.0
+#
+# see : https://universe.fugerit.org/src/docs/conventions/workflows/codeql-analysis.html
+
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
+
 name: "CodeQL"
 
 on:
@@ -39,38 +40,45 @@ jobs:
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@main
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@main
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: 'maven'
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@main
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@main
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+      #   If the Autobuild fails above, remove it and uncomment the following three lines.
+      #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
+      # - run: |
+      #     echo "Run, Build Application using script"
+      #     ./location_of_script_within_repo/buildscript.sh
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@main
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/deploy_maven_package.yml

@@ -1,36 +1,38 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+# CI deploy maven package
+#
+# version 1.0.0
+#
+# see : https://universe.fugerit.org/src/docs/conventions/workflows/deploy_maven_package.html
 
 name: CI deploy maven package 
 
 on:
   push:
     branches:
-    - deploy
+    - branch-deploy
 
 jobs:
   build:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up JDK 11
-      uses: actions/setup-java@v3
+    - uses: actions/checkout@main
+    - name: Set up JDK 17
+      uses: actions/setup-java@main
       with:
-        java-version: '11'
+        java-version: '17'
         distribution: 'corretto'
         cache: maven
-    - name: Release Maven package
-      uses: samuelmeuli/action-maven-publish@v1
-      with:
-        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-        gpg_passphrase: ${{ secrets.PASSPHRASE }}
-        nexus_username: ${{ secrets.OSS_USERNAME }}
-        nexus_password: ${{ secrets.OSS_PASSWORD }}
-        maven_args: -P doRelease
+        server-id: ossrh
+        server-username: MAVEN_USERNAME
+        server-password: MAVEN_PASSWORD
+    - name: Import gpg
+      run: echo -e "${{ secrets.PASSPHRASE }}" | echo -e "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --allow-secret-key-import --import
+    - name: Build package
+      run: mvn clean install -P full,coverage,metadata
+    - name: Publish package
+      run: mvn --batch-mode deploy -P doRelease
+      env:
+        MAVEN_USERNAME: ${{ secrets.OSS_USERNAME }}
+        MAVEN_PASSWORD: ${{ secrets.OSS_PASSWORD }}

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- [Workflow review and transition to node 20](https://github.com/fugerit-org/fj-universe/issues/29)
+
 ## [0.4.2] - 2023-11-24
 
 ## [0.4.1] - 2023-09-24