diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4e13d31de0a..262d7ad80f8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,6 +29,12 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 + - uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: '8' + cache: 'maven' + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 @@ -42,7 +48,6 @@ jobs: # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs queries: +security-and-quality - - run: | echo "Building using custom commands" mvn clean package -f "pom.xml" -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Dweb.console.skip=true -Dcyclonedx.skip=true diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml index 0140b37cada..4b1c4db0c68 100644 --- a/.github/workflows/static-checks.yml +++ b/.github/workflows/static-checks.yml @@ -41,20 +41,17 @@ jobs: strategy: fail-fast: false matrix: - java: [ 'jdk8', 'jdk11', 'jdk17' ] + java: [ '8', '11', '17' ] runs-on: ubuntu-latest steps: - name: checkout branch uses: actions/checkout@v3 - - name: set java version - run: | - export jdk=${{ matrix.java }} - echo "java_version=${jdk:3}" >> $GITHUB_ENV - - - name: setup ${{ matrix.java }} - run: | - echo "JAVA_HOME=$JAVA_HOME_${{ env.java_version }}_X64" >> $GITHUB_ENV + - uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: ${{ matrix.java }} + cache: 'maven' - name: packaging check run: | @@ -66,53 +63,53 @@ jobs: - name: script checks # who watches the watchers? - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ./check_test_suite_test.py - name: (openjdk17) strict compilation - if: ${{ matrix.java == 'jdk17' }} + if: ${{ matrix.java == '17' }} # errorprone requires JDK 11+ # Strict compilation requires more than 2 GB run: ${MVN} clean -DstrictCompile compile test-compile --fail-at-end ${MAVEN_SKIP} ${MAVEN_SKIP_TESTS} - name: maven install - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: | echo 'Running Maven install...' && ${MVN} clean install -q -ff -pl '!distribution,!:druid-it-image,!:druid-it-cases' ${MAVEN_SKIP} ${MAVEN_SKIP_TESTS} -T1C && ${MVN} install -q -ff -pl 'distribution' ${MAVEN_SKIP} ${MAVEN_SKIP_TESTS} - name: checkstyle - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ${MVN} checkstyle:checkstyle --fail-at-end - name: license checks - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ./.github/scripts/license_checks_script.sh - name: analyze dependencies - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: | ./.github/scripts/analyze_dependencies_script.sh - name: animal sniffer checks - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ${MVN} animal-sniffer:check --fail-at-end - name: enforcer checks - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ${MVN} enforcer:enforce --fail-at-end - name: forbidden api checks - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ${MVN} forbiddenapis:check forbiddenapis:testCheck --fail-at-end - name: pmd checks - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ${MVN} pmd:check --fail-at-end # TODO: consider adding pmd:cpd-check - name: spotbugs checks - if: ${{ matrix.java == 'jdk8' }} + if: ${{ matrix.java == '8' }} run: ${MVN} spotbugs:check --fail-at-end -pl '!benchmarks' intellij-inspections: @@ -123,9 +120,11 @@ jobs: - name: checkout branch uses: actions/checkout@v3 - - name: setup JDK8 - run: | - echo "JAVA_HOME=$JAVA_HOME_8_X64" >> $GITHUB_ENV + - uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: '8' + cache: 'maven' - name: maven install run: | @@ -153,9 +152,11 @@ jobs: - name: checkout branch uses: actions/checkout@v3 - - name: setup JDK17 - run: | - echo "JAVA_HOME=$JAVA_HOME_17_X64" >> $GITHUB_ENV + - uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: '17' + cache: 'maven' - name: setup node uses: actions/setup-node@v3