Chore: Update CI action

dmaccormack · dmaccormack · commit 30cc9f6805f5 · 2020-05-27T19:23:47.000-04:00
Lock actions to specific versions rather than master. The cache action
has hung sometimes causing the build to fail. I'm hoping this addresses
that and prevents future regressions.

Modify the if condition on snyk and sonarcloud to run on pull_requests
as well as push. Add check against repository_owner so a fork doesn't
fail because of a missing secret.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -19,9 +19,9 @@ jobs:
   artifact:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
+    - uses: actions/checkout@v2
     - name: Set up JDK 8
-      uses: actions/setup-java@master
+      uses: actions/setup-java@v1
       with:
         java-version: 8
     - name: Set artifact version
@@ -30,7 +30,7 @@ jobs:
     - name: Stage artifacts
       run: mvn -B -DaltDeploymentRepository=ossrh::default::file:snapshot/ deploy
     - name: Package artifacts
-      uses: actions/upload-artifact@master
+      uses: actions/upload-artifact@v2
       if: success()
       with:
         name: jsonurl-maven-repository
@@ -45,9 +45,9 @@ jobs:
         os: [macos-latest, ubuntu-latest, windows-latest]
         jdk: [8, 9, 10, 11, 12]
     steps:
-    - uses: actions/checkout@master
+    - uses: actions/checkout@v2
     - name: Set up JDK  ${{ matrix.jdk }}
-      uses: actions/setup-java@master
+      uses: actions/setup-java@v1
       with:
         java-version: ${{ matrix.jdk }}
     - name: Cache Maven dependencies
@@ -66,35 +66,34 @@ jobs:
   snyk:
     needs: artifact
     if: |
-        github.event_name == 'push'
-            && endsWith( github.ref, '/master' )
-            && needs.artifact.result == 'success'
+        needs.artifact.result == 'success'
+          && github.repository_owner == 'jsonurl'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
+      - uses: actions/checkout@v2
+      - name: Run Snyk to check ${{ github.ref }} for vulnerabilities
         uses: snyk/actions/maven-3-jdk-11@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   sonarcloud:
     needs: artifact
     if: |
-        github.event_name == 'push'
-            && endsWith( github.ref, '/master' )
-            && needs.artifact.result == 'success'
+        needs.artifact.result == 'success'
+          && github.repository_owner == 'jsonurl'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - run: git fetch --unshallow
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0        
     - name: Set up JDK 11
-      uses: actions/setup-java@master
+      uses: actions/setup-java@v1
       with:
         java-version: 11
     - name: Set artifact version
       run: script/version_snapshot.sh
       shell: bash
-    - name: SonarCloud Scan
+    - name: SonarCloud scan of ${{ github.ref }}
       run: mvn -P jacoco -B -Dsonar.projectKey=jsonurl_jsonurl-java -Dsonar.organization=jsonurl -Dsonar.host.url=https://sonarcloud.io package sonar:sonar
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
