.github/workflows/ci.yml

name: Java CI
on:
  pull_request:
    paths:
      - '**/*.java'
      - '**/*.proto'
      - '**/*.xml'
      - '**/*.json'
      - '**/*.properties'
      - '**/*.yml'
  push:
    branches: [ master ]
    paths:
      - '**/*.java'
      - '**/*.proto'
      - '**/*.xml'
      - '**/*.json'
      - '**/*.properties'
      - '**/*.yml'
  workflow_dispatch: { }
env:
  SONARCLOUD_TOKEN: ${{ secrets.SONAR_TOKEN }}
jobs:
  build:
    name: Build, Test, and Verify
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache dependencies
        uses: actions/cache@v2.1.3
        continue-on-error: true
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build
        id: build
        run: mvn -B -U -DskipTests clean package
      - name: Test
        id: test
        timeout-minutes: 20
        run: >
          mvn -B test
      - name: Archive Test Results on Failure
        uses: actions/upload-artifact@v2
        if: failure()
        with:
          name: test-results
          path: target/surefire-reports/
          retention-days: 7

  sonar:
    name: SonarCloud Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        if: ${{ env.SONARCLOUD_TOKEN != null }}
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - uses: actions/setup-java@v1
        if: ${{ env.SONARCLOUD_TOKEN != null }}
        with:
          java-version: 11
      - name: Cache dependencies
        if: ${{ env.SONARCLOUD_TOKEN != null }}
        uses: actions/cache@v2.1.3
        continue-on-error: true
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: SonarCloud Scan
        if: ${{ env.SONARCLOUD_TOKEN != null }}
        run: mvn -B clean package sonar:sonar -Psonar
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  compat:
    name: Check Compatibility
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache dependencies
        uses: actions/cache@v2.1.3
        continue-on-error: true
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Verify
        id: verify
        run: mvn -B -DskipTests verify

  vulnerability:
    name: Dependency Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache dependencies
        uses: actions/cache@v2.1.3
        continue-on-error: true
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Check
        id: check
        run: mvn -B -DskipTests package dependency-check:check