Skip to content

BFD-3805: Fix for 5 vulnerabilities #12981

BFD-3805: Fix for 5 vulnerabilities

BFD-3805: Fix for 5 vulnerabilities #12981

Workflow file for this run

name: 'CI - Java'
on:
pull_request:
merge_group:
env:
# workflow file matchers - workflow jobs will only run if matching files are found
# please see https://github.com/CMSgov/beneficiary-fhir-data/pull/773 for why we
# are using this workflow logic
# NOTE: I can't find anything in the spec that suggests that '\' is used as a string-continuation
# symbol. However, see the following StackOverflow post for an example:
# https://stackoverflow.com/questions/6268391/is-there-a-way-to-represent-a-long-string-that-doesnt-have-any-whitespace-on-mul
workflow_files_re: "(\
^apps/pom.xml|\
^apps/Dockerfile|\
^apps/bfd-|\
^ops/ansible/roles/bfd-db-migrator/|\
^ops/ansible/roles/bfd-pipeline/|\
^ops/ansible/roles/bfd-server/|\
^.github/workflows/ci-ansible.yml|\
^.github/workflows/ci-java.yml)"
jobs:
workflow:
name: Checking workflow
runs-on: ubuntu-20.04
outputs:
files: ${{ steps.workflow_files.outputs.files }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- id: workflow_files
name: Set output
run: |
echo "files<<EOF" >> $GITHUB_OUTPUT
echo "$(git diff --name-only --diff-filter=ACMRTD HEAD^ HEAD | grep -E '${{ env.workflow_files_re }}')" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
mvn-fmt-maven-plugin:
runs-on: ubuntu-20.04
needs: workflow
if: needs.workflow.outputs.files
steps:
- uses: actions/checkout@v4
- name: 'Setup JDK'
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'corretto'
- name: 'Run maven ${{ matrix.mvn_commmand }}'
run: mvn com.spotify.fmt:fmt-maven-plugin:check
working-directory: ./apps
mvn-verify:
runs-on: ubuntu-20.04
needs: workflow
if: needs.workflow.outputs.files
steps:
- name: 'Checkout repo'
uses: actions/checkout@v4
- name: 'Setup JDK'
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'corretto'
cache: 'maven'
- name: 'Run Maven Build'
run: mvn --threads 1C --quiet --batch-mode -Dmaven.build.cache.enabled=false -Dapidocgen.skip=false -DbfdOps.skip=false verify
working-directory: ./apps
# TODO: Conformance testing is currently missing from mvn-verify. BFD-3245 will re-examine conformance regression testing in BFD.