# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: dependency-check

on:
  schedule:
    - cron: "0 3 * * *"
  push:
    paths:
      - '**/pom.xml'
  pull_request:
    paths:
      - '**/pom.xml'

env:
  DEFAULT_MAVEN_OPTS: >-
    -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN
    -Daether.connector.http.retryHandler.count=5
    -Daether.connector.http.connectionMaxTtl=30

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  build:
    timeout-minutes: 30
    runs-on: ubuntu-latest
    name: Dependency Check
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Set up Java Zulu 21
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: 21
          cache: 'maven'
      - name: Run Dependency Check
        env:
          MAVEN_OPTS: >-
            ${{ env.DEFAULT_MAVEN_OPTS }}
        run: >
          ./mvnw
          --no-transfer-progress
          --activate-profiles dependency-check
          validate
      - name: Upload Report
        uses: actions/upload-artifact@v4
        with:
          name: dependency-check-report
          path: |
            target/dependency-check-report.html
          retention-days: 7