FDP-2716 ~ Adds permissions to workflow #112
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Gradle Pipeline | |
on: | |
push: | |
branches: [ "main" ] | |
tags: [ "v**" ] | |
pull_request: | |
branches: [ "main" ] | |
permissions: write-all | |
jobs: | |
build: | |
name: Gradle build and publish | |
timeout-minutes: 30 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
- name: Setup Gradle to generate and submit dependency graphs | |
uses: gradle/actions/setup-gradle@v3 | |
with: | |
dependency-graph: generate-and-submit | |
- name: Build with Gradle | |
run: ./gradlew build integrationTest | |
env: | |
GITHUB_ACTOR: ${{ github.actor }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run sonar analysis with Gradle | |
run: ./gradlew testCodeCoverageReport integrationTestCodeCoverageReport sonar | |
env: | |
GITHUB_ACTOR: ${{ github.actor }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
- name: Publish Maven artifacts | |
if: github.ref == 'refs/heads/main' || github.ref_type == 'tag' | |
run: ./gradlew publish | |
env: | |
GITHUB_ACTOR: ${{ github.actor }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |