This is an automated email from the ASF dual-hosted git repository. vy pushed a commit to branch gha/v0 in repository https://gitbox.apache.org/repos/asf/logging-parent.git
commit 26d22b84224ca6ff608a70a34ab519287a85757d Author: Volkan Yazıcı <[email protected]> AuthorDate: Tue Apr 14 10:51:36 2026 +0200 Copy all reusable workflows verbatim from `main` --- .github/workflows/build-reusable.yaml | 48 ++++++++++++++++ .../workflows/scorecards-analysis-reusable.yaml | 65 ++++++++++++++++++++++ 2 files changed, 113 insertions(+) diff --git a/.github/workflows/build-reusable.yaml b/.github/workflows/build-reusable.yaml index a30c721..1c96d0a 100644 --- a/.github/workflows/build-reusable.yaml +++ b/.github/workflows/build-reusable.yaml @@ -20,6 +20,10 @@ name: build-reusable on: workflow_call: inputs: + develocity-enabled: + description: Enable Develocity Build Scan publication + default: false + type: boolean java-version: description: The Java compiler version default: 17 @@ -53,6 +57,11 @@ on: default: '' type: string + secrets: + DV_ACCESS_TOKEN: + description: Access token to Gradle Enterprise + required: false + env: MAVEN_ARGS: ${{ inputs.maven-args }} @@ -86,6 +95,37 @@ jobs: java-version: ${{ inputs.java-version }} cache: maven + - name: Set up Develocity + if: inputs.develocity-enabled + shell: bash + run: | + if [ -f .mvn/develocity.xml ]; then + DEVELOCITY_VERSION=$(./mvnw help:evaluate -q -DforceStdout -Dexpression=develocity-maven-plugin.version) + USER_DATA_VERSION=$(./mvnw help:evaluate -q -DforceStdout -Dexpression=develocity-user-data-extension.version) + cat >.mvn/extensions.xml <<EOF + <extensions> + <extension> + <groupId>com.gradle</groupId> + <artifactId>develocity-maven-extension</artifactId> + <version>$DEVELOCITY_VERSION</version> + </extension> + <extension> + <groupId>com.gradle</groupId> + <artifactId>common-custom-user-data-maven-extension</artifactId> + <version>$USER_DATA_VERSION</version> + </extension> + </extensions> + EOF + # Print file for debugging purposes + cat .mvn/extensions.xml + fi + + - name: Setup Develocity Build Scan capture + if: inputs.develocity-enabled + uses: gradle/develocity-actions/setup-maven@4a2aed82eea165ba2d5c494fc2a8730d7fdff229 # 1.4 + with: + develocity-access-key: ${{ secrets.DV_ACCESS_TOKEN }} + # We use `install` instead of `verify`, otherwise the build website step below fails - name: Build id: build @@ -107,6 +147,14 @@ jobs: **/target/surefire-reports **/target/logs + - name: Clean up Develocity + if: inputs.develocity-enabled + shell: bash + run: | + rm -f .mvn/extensions.xml + # Clean up changes introduced by gradle/develocity-actions/maven-setup + echo "MAVEN_OPTS=" >> "$GITHUB_ENV" + # Node.js cache is needed for Antora - name: Set up Node.js cache if: inputs.site-enabled diff --git a/.github/workflows/scorecards-analysis-reusable.yaml b/.github/workflows/scorecards-analysis-reusable.yaml new file mode 100644 index 0000000..8094b6c --- /dev/null +++ b/.github/workflows/scorecards-analysis-reusable.yaml @@ -0,0 +1,65 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to you under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: scorecards-analysis + +on: + workflow_call: + +# Explicitly drop all permissions inherited from the caller for security. +# Reference: https://docs.github.com/en/actions/sharing-automations/reusing-workflows#access-and-permissions +permissions: { } + +jobs: + + analysis: + name: "Scorecards analysis" + runs-on: ubuntu-latest + # Permissions required to publish Security Alerts + permissions: + security-events: write + + steps: + + - name: "Checkout code" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # 2.4.2 + with: + results_file: results.sarif + results_format: sarif + # A read-only PAT token, which is sufficient for the action to function. + # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188 + repo_token: ${{ secrets.GITHUB_TOKEN }} + # Publish the results for public repositories to enable scorecard badges. + # For more details: https://github.com/ossf/scorecard-action#publishing-results + publish_results: true + + - name: "Upload artifact" + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # 3.29.0 + with: + sarif_file: results.sarif
