.github/workflows/build.yaml

name: Java CI

on:
  push:
    branches:
      - develop
      - support/4.6
  pull_request:

concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

permissions:
  checks: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.adoptopenjdk.net:443
            api.github.com:443
            api.snapcraft.io:443
            auth.docker.io:443
            codecov.io:443
            docker.io:443
            downloads.gradle-dn.com:443
            downloads.gradle.org:443
            github.com:443
            jcenter.bintray.com:443
            objects.githubusercontent.com:443
            plugins.gradle.org:443
            plugins-artifacts.gradle.org:443
            production.cloudflare.docker.com:443
            registry-1.docker.io:443
            repo.maven.apache.org:443
            services.gradle.org:443
            uploader.codecov.io:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          lfs: true
      - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          distribution: 'adopt'
          java-version: '17'
          cache: 'gradle'
      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ github.run_id }}
      - uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7
      - uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # v1.8.0
      - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4
      - run: ./gradlew --no-daemon check publishToMavenLocal
      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
      - id: output_version
        run: |
          while read line
          do
            if [ -n "$line" ]
            then
              version=$line
            fi
          done < "version.txt"
          echo "securityJwtVersion=$version" >>$GITHUB_OUTPUT
    outputs:
      securityJwtVersion: ${{ steps.output_version.outputs.securityJwtVersion }}

  integration-tests:
    if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/support/4.6'
    strategy:
      fail-fast: false
      matrix:
        springBootVersion:
          - 3.0.13
          - 3.1.12
          - 3.2.12
          - 3.3.6
          - 3.4.0
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.adoptopenjdk.net:443
            api.github.com:443
            auth.docker.io:443
            docker.io:443
            downloads.gradle-dn.com:443
            downloads.gradle.org:443
            github.com:443
            jcenter.bintray.com:443
            objects.githubusercontent.com:443
            plugins.gradle.org:443
            plugins-artifacts.gradle.org:443
            production.cloudflare.docker.com:443
            registry-1.docker.io:443
            repo.maven.apache.org:443
            repo.spring.io:443
            services.gradle.org:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: 'bratkartoffel/security-jwt-examples'
          ref: 'master'
          fetch-depth: 1
          lfs: true
      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ github.run_id }}
          restore-keys: |
            ${{ runner.os }}-maven-${{ github.run_id }}
      - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          distribution: 'adopt'
          java-version: '17'
          cache: 'gradle'
      - uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7
      - uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # v1.8.0
      - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4
      - run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} check
      - run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} starter-hibernate:dependencies | egrep '(:spring|:security-jwt)' | grep -v -- '->' | sed -e 's/^[+-\\| ]\+//' -e 's/ ([n\*])$//' | sort | uniq