From a76b103c6b352e0ec0894d1a2bf626d2fe876a0f Mon Sep 17 00:00:00 2001 From: timo <1398557+timo-a@users.noreply.github.com> Date: Wed, 3 Apr 2024 23:43:03 +0200 Subject: [PATCH] feat(workflow): delete irrelevant workflows --- .github/workflows/cifuzz.yml | 34 -------------- .github/workflows/main.yml | 70 ---------------------------- .github/workflows/release.yml | 82 --------------------------------- .github/workflows/scorecard.yml | 65 -------------------------- 4 files changed, 251 deletions(-) delete mode 100644 .github/workflows/cifuzz.yml delete mode 100644 .github/workflows/main.yml delete mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml deleted file mode 100644 index 3f6893d634..0000000000 --- a/.github/workflows/cifuzz.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: CIFuzz -on: [pull_request] - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }} @ ${{ github.ref }} - cancel-in-progress: true - -jobs: - Fuzzing: - runs-on: ubuntu-latest - steps: - - name: Build Fuzzers - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'jackson-core' - dry-run: false - language: jvm - - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'jackson-core' - fuzz-seconds: 1200 - dry-run: false - language: jvm - - name: Upload Crash - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: failure() && steps.build.outcome == 'success' - with: - name: artifacts - path: ./out/artifacts diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 8890b68593..0000000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,70 +0,0 @@ -name: Build and Deploy Snapshot -on: - push: - branches: - - master - - "3.0" - - "2.18" - paths-ignore: - - "README.md" - - "release-notes/*" - pull_request: - branches: - - master - - "3.0" - - "2.18" - paths-ignore: - - "README.md" - - "release-notes/*" -permissions: - contents: read - -jobs: - build: - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - java_version: ['8', '11', '17', '21'] - os: ['ubuntu-20.04'] - env: - JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1" - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 - with: - distribution: 'temurin' - java-version: ${{ matrix.java_version }} - cache: 'maven' - server-id: sonatype-nexus-snapshots - server-username: CI_DEPLOY_USERNAME - server-password: CI_DEPLOY_PASSWORD - # See https://github.com/actions/setup-java/blob/v2/docs/advanced-usage.md#Publishing-using-Apache-Maven - # gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - # gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - - name: Build - run: ./mvnw -B -q -ff -ntp verify - - name: Extract project Maven version - id: projectVersion - run: echo "version=$(./mvnw org.apache.maven.plugins:maven-help-plugin:3.3.0:evaluate -DforceStdout -Dexpression=project.version -q)" >>$GITHUB_OUTPUT - - name: Verify Android SDK Compatibility - if: matrix.java_version == '8' - run: ./mvnw -B -q -ff -ntp -DskipTests animal-sniffer:check - - name: Deploy snapshot - if: github.event_name != 'pull_request' && matrix.java_version == '8' && endsWith(steps.projectVersion.outputs.version, '-SNAPSHOT') - env: - CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }} - CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }} - # MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - run: ./mvnw -B -q -ff -DskipTests -ntp source:jar deploy - - name: Generate code coverage - if: github.event_name != 'pull_request' && matrix.java_version == '8' - run: ./mvnw -B -q -ff -ntp test - - name: Publish code coverage - if: github.event_name != 'pull_request' && matrix.java_version == '8' - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 - with: - token: ${{ secrets.CODECOV_TOKEN }} - file: ./target/site/jacoco/jacoco.xml - flags: unittests diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 804d9102ad..0000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,82 +0,0 @@ -# This workflow publishes a new release to Maven central. -# -# The release MUST be initiated by running the release.sh script. That script will run -# ./mvnw release:prepare and make the necessary changes for this workflow to then take -# over and perform the actual release. - -name: Publish new release -on: - push: - tags: - - "*" - - "!*.pr*" - - "!*b" - -permissions: - contents: read - -jobs: - release: - runs-on: "ubuntu-20.04" - env: - JAVA_OPTS: "-XX:+TieredCompilation -XX:TieredStopAtLevel=1" - TAG: ${{ github.ref_name }} - outputs: - hash: ${{ steps.hash.outputs.hash }} - artifact_name: ${{ steps.hash.outputs.artifact_name }} - steps: - - name: Validate version name - run: | - [[ "$TAG" =~ jackson-core-[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)? ]] || exit 1 - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 - with: - distribution: "temurin" - java-version: "8" - cache: "maven" - server-id: sonatype-nexus-staging - server-username: CI_DEPLOY_USERNAME - server-password: CI_DEPLOY_PASSWORD - # See https://github.com/actions/setup-java/blob/v2/docs/advanced-usage.md#Publishing-using-Apache-Maven - gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import - gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase - - name: Perform release - env: - CI_DEPLOY_USERNAME: ${{ secrets.CI_DEPLOY_USERNAME }} - CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - # The following command will only succeed if the preparation was done via the - # release.sh script. - run: ./mvnw -B -q -ff -ntp release:perform -DlocalCheckout=true - - name: Generate hash - id: hash - run: | - ARTIFACT_NAME="$( \ - ./mvnw help:evaluate \ - -Dexpression=project.artifactId -q -DforceStdout)-$( \ - ./mvnw help:evaluate \ - -Dexpression=project.version -q -DforceStdout)" - echo "artifact_name=$ARTIFACT_NAME" >> "$GITHUB_OUTPUT" - - cd ./checkout/target - echo "hash=$( \ - sha256sum $ARTIFACT_NAME*.jar | \ - base64 -w0 \ - )" >> "$GITHUB_OUTPUT" - - echo "DEBUG: After SLSA hash generation we have:" - echo "DEBUG: ARTIFACT_NAME = $ARTIFACT_NAME" - ls ./checkout - ls ./checkout/target - provenance: - needs: [release] - permissions: - actions: read # To read the workflow path. - id-token: write # To sign the provenance. - contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 - with: - base64-subjects: "${{ needs.release.outputs.hash }}" - provenance-name: "${{ needs.release.outputs.artifact_name }}.jar.intoto.jsonl" - upload-assets: true # Optional: Upload to a new release diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml deleted file mode 100644 index e397d3177d..0000000000 --- a/.github/workflows/scorecard.yml +++ /dev/null @@ -1,65 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '27 7 * * 0' - push: - branches: [ "2.17" ] - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - - steps: - - name: "Checkout code" - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # you want to enable the Branch-Protection check on a *public* repository - # To create the PAT, follow the steps in - # https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 - with: - sarif_file: results.sarif