chore(deps): update github/codeql-action digest to 7273f08 (#1537) #1402
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow creates a running release please PR, which tracks all changes | |
| # based on semantic PR titles. When that PR is merged, a publish occurs after | |
| # release please increments the version. | |
| on: | |
| push: | |
| branches: | |
| - main | |
| name: Run Release Please | |
| permissions: # added using https://github.com/step-security/secure-workflows | |
| contents: read | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # for googleapis/release-please-action to create release commit | |
| pull-requests: write # for googleapis/release-please-action to create release PR | |
| issues: write # for googleapis/release-please-action to create labels | |
| # Release-please creates a PR that tracks all changes | |
| steps: | |
| - uses: googleapis/release-please-action@v4 | |
| id: release | |
| with: | |
| token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}} | |
| outputs: | |
| release_created: ${{ fromJSON(steps.release.outputs.paths_released)[0] != null }} # if we have a single release path, do the release | |
| publish: | |
| environment: publish | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| needs: release-please | |
| if: ${{ fromJSON(needs.release-please.outputs.release_created || false) }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@e9343db97e09d87a3c50e544105d99fe912c204b | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: maven | |
| server-id: central | |
| server-username: ${{ secrets.CENTRAL_USERNAME }} | |
| server-password: ${{ secrets.CENTRAL_PASSWORD }} | |
| - name: Configure GPG Key | |
| run: | | |
| echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import | |
| env: | |
| GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} | |
| - name: Deploy | |
| run: | | |
| mvn --batch-mode \ | |
| --settings release/m2-settings.xml -DskipTests clean deploy | |
| env: | |
| CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }} | |
| CENTRAL_PASSWORD: ${{ secrets.CENTRAL_PASSWORD }} |