This is an automated email from the ASF dual-hosted git repository.
sruehl pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/plc4x-extras.git
The following commit(s) were added to refs/heads/main by this push:
new 6945457 chore: add actions
6945457 is described below
commit 69454572b3bcc9ee35abf6956fc583b462871a5a
Author: Sebastian RΓΌhl <sru...@apache.org>
AuthorDate: Mon Apr 8 09:13:33 2024 +0200
chore: add actions
---
.github/ISSUE_TEMPLATE/bug.yml | 78 +++++++++
.github/ISSUE_TEMPLATE/feature.yml | 66 ++++++++
.github/dependabot.yml | 33 ++++
.github/release-drafter.yml | 49 ++++++
.github/workflows/c-platform.yml | 132 +++++++++++++++
.github/workflows/changelog.yml | 35 ++++
.github/workflows/codeql-analysis.yml | 76 +++++++++
.github/workflows/dependency-review.yml | 42 +++++
.github/workflows/go-platform-test-report.yml | 45 ++++++
.github/workflows/go-platform.yml | 207 ++++++++++++++++++++++++
.github/workflows/java-platform-test-report.yml | 46 ++++++
.github/workflows/java-platform.yml | 160 ++++++++++++++++++
.github/workflows/python-platform.yml | 153 ++++++++++++++++++
.github/workflows/release-drafter.yml | 61 +++++++
.github/workflows/sast.yaml | 52 ++++++
15 files changed, 1235 insertions(+)
diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml
new file mode 100644
index 0000000..9de28a8
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -0,0 +1,78 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: ["bug", "awaiting triage"]
+assignees:
+ - octocat
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this bug report! Once you've
created an issue, you can self-assign by commenting `.take-issue` and you can
close by commenting `.close-issue`.
+ Anyone can reopen a closed issue by commenting `.reopen-issue`.
+ You can also add/remove labels by commenting `.add-labels
label1,label2,'label 3 with spaces'` or `.remove-labels label1,label2,'label 3
with spaces'`,
+ or with `.set-labels label1,label2,'label 3 with spaces'` (which
removes any labels not in that set).
+ - type: textarea
+ id: what-happened
+ attributes:
+ label: What happened?
+ description: Please describe your issue, including the PLC model or
tools being used.
+ placeholder: |
+ Please include steps to reproduce your issue.
+
+ If this isn't a bug and you have a question or support request, please
email iss...@plc4x.apache.org with a description of the problem instead of
opening this issue.
+ validations:
+ required: true
+ - type: input
+ id: version
+ attributes:
+ label: Version
+ description: "Which version are you using?"
+ placeholder: "v0.10.0"
+ validations:
+ required: true
+ - type: checkboxes
+ id: programming-language
+ attributes:
+ label: Programming Languages
+ description: Which languages are related to your report? (check all that
apply)
+ options:
+ - label: "plc4j"
+ - label: "plc4go"
+ - label: "plc4c"
+ - label: "plc4net"
+ - type: checkboxes
+ id: protocols
+ attributes:
+ label: Protocols
+ description: Which protocols are related to your report? (check all that
apply)
+ options:
+ - label: "AB-Ethernet"
+ - label: "ADS /AMS"
+ - label: "BACnet/IP"
+ - label: "CANopen"
+ - label: "DeltaV"
+ - label: "DF1"
+ - label: "EtherNet/IP"
+ - label: "Firmata"
+ - label: "KNXnet/IP"
+ - label: "Modbus"
+ - label: "OPC-UA"
+ - label: "S7"
diff --git a/.github/ISSUE_TEMPLATE/feature.yml
b/.github/ISSUE_TEMPLATE/feature.yml
new file mode 100644
index 0000000..e05bf45
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@@ -0,0 +1,66 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Feature Request
+description: File a feature request
+title: "[Feature Request]: "
+labels: ["new feature", "awaiting triage"]
+assignees:
+ - octocat
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this feature request! Once
you've created an issue, you can self-assign by commenting `.take-issue` and
you can close by commenting `.close-issue`.
+ Anyone can reopen a closed issue by commenting `.reopen-issue`.
+ You can also add/remove labels by commenting `.add-labels
label1,label2,'label 3 with spaces'` or `.remove-labels label1,label2,'label 3
with spaces'`,
+ or with `.set-labels label1,label2,'label 3 with spaces'` (which
removes any labels not in that set).
+ - type: textarea
+ id: what-happened
+ attributes:
+ label: What would you like to happen?
+ description: Please describe your issue
+ validations:
+ required: true
+ - type: checkboxes
+ id: programming-language
+ attributes:
+ label: Programming Languages
+ description: Which languages are related to your report? (check all that
apply)
+ options:
+ - label: "plc4j"
+ - label: "plc4go"
+ - label: "plc4c"
+ - label: "plc4net"
+ - type: checkboxes
+ id: protocols
+ attributes:
+ label: Protocols
+ description: Which protocols are related to your report? (check all that
apply)
+ options:
+ - label: "AB-Ethernet"
+ - label: "ADS /AMS"
+ - label: "BACnet/IP"
+ - label: "CANopen"
+ - label: "DeltaV"
+ - label: "DF1"
+ - label: "EtherNet/IP"
+ - label: "Firmata"
+ - label: "KNXnet/IP"
+ - label: "Modbus"
+ - label: "OPC-UA"
+ - label: "S7"
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..bc41d6c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,33 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+version: 2
+updates:
+- package-ecosystem: maven
+ directory: /
+ schedule:
+ interval: daily
+- package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
+- package-ecosystem: gomod
+ directory: plc4go
+ schedule:
+ interval: daily
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..6c1890a
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,49 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name-template: 'v$RESOLVED_VERSION π'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+ - title: 'π Features'
+ labels:
+ - 'feature'
+ - 'enhancement'
+ - title: 'π Bug Fixes'
+ labels:
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - title: 'π§° Maintenance'
+ label: 'chore'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and
add ` to disable code blocks.
+version-resolver:
+ major:
+ labels:
+ - 'major'
+ minor:
+ labels:
+ - 'minor'
+ patch:
+ labels:
+ - 'patch'
+ default: patch
+template: |
+ ## Changes
+
+ $CHANGES
diff --git a/.github/workflows/c-platform.yml b/.github/workflows/c-platform.yml
new file mode 100644
index 0000000..5d09a12
--- /dev/null
+++ b/.github/workflows/c-platform.yml
@@ -0,0 +1,132 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: "C Platform compatibility"
+
+on:
+ push:
+ branches: [ "develop", "plc4c" ]
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4c**
+ pull_request:
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4c**
+ workflow_dispatch:
+ inputs:
+ forceUpdates:
+ description: "Forces a snapshot update"
+ required: false
+ default: 'false'
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ test:
+ strategy:
+ matrix:
+ # 8 not anymore supported for building
+ java: [ 17 ]
+ os: [ ubuntu-latest, macos-latest, windows-latest ]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install libpcap for Linux
+ if: matrix.os == 'ubuntu-latest'
+ run: sudo apt-get install libpcap-dev
+
+ - name: Install libpcap for macos
+ if: matrix.os == 'macos-latest'
+ run: brew install libpcap
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'adopt'
+ java-package: jdk
+ java-version: ${{ matrix.java }}
+
+ - name: Cache local Maven repository
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-maven-
+
+ - name: Set Platform options
+ id: platform_opts
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_opts', ``)
+ } else if (OS.includes("macos")) {
+ core.setOutput('platform_opts', `-Djna.library.path="$(find
/usr/local/Cellar/libpcap/ -name lib)"`)
+ } else if (OS.includes("ubuntu")) {
+ core.setOutput('platform_opts', ``)
+ } else {
+ core.setOutput('platform_opts', ``)
+ }
+
+ - name: Calculate platform suffix
+ id: platform_suffix
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_suffix', `.cmd`)
+ } else {
+ core.setOutput('platform_suffix', ``)
+ }
+
+ - name: Set extra options
+ id: extra_options
+ uses: actions/github-script@v7.0.1
+ env:
+ FORCE_UPDATE: ${{ github.event.inputs.forceUpdates }}
+ with:
+ script: |
+ const { FORCE_UPDATE } = process.env
+ if (FORCE_UPDATE.includes("true")) {
+ core.setOutput('extra_options', `-U`)
+ } else {
+ core.setOutput('extra_options', ``)
+ }
+
+ # Note: due to github has no concept of recovering from a fail even if
we have our fallback below we append a second un-parallel run behind this to be
sure that it works with all checks. Only if that fails too we are ok with a
"red" (which should be yellow) cross indicating a problem
+ - name: Run mvnw
+ run: |
+ ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-c,enable-all-checks,update-generated-code' -pl :plc4c -am ${{
steps.platform_opts.outputs.platform_opts }} install
+
+ - name: Run mvnv without BacNet regression tests
+ if: ${{ failure() }}
+ run: ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-c,skip-bacnet-regression-test,update-generated-code' -pl :plc4c -am ${{
steps.platform_opts.outputs.platform_opts }} install
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
new file mode 100644
index 0000000..64ea2bd
--- /dev/null
+++ b/.github/workflows/changelog.yml
@@ -0,0 +1,35 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: 'Generate changelog'
+on:
+ release:
+ types: [created, edited]
+
+jobs:
+ generate-changelog:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: BobAnkh/auto-generate-changelog@v1.2.5
+ with:
+ ACCESS_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ TYPE: 'feat:Feature,fix:Bug
Fixes,docs:Documentation,refactor:Refactor,perf:Performance Improvements'
+ PATH: 'CHANGELOG.md'
diff --git a/.github/workflows/codeql-analysis.yml
b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..afc5904
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,76 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: "CodeQL"
+
+on:
+ schedule:
+ - cron: '17 19 * * 3'
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript',
'python' ]
+ ## cpp and csharp not ready yet
+ #language: [ 'cpp', 'csharp', 'go', 'java', 'python' ]
+ language: [ 'go', 'java', 'python' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a
config file.
+ # By default, queries listed here will override any specified in a
config file.
+ # Prefix the list here with "+" to use these queries and those in the
config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually
(see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ # βΉοΈ Command-line programs to run using the OS shell.
+ # π https://git.io/JvXDl
+
+ # βοΈ If the Autobuild fails above, remove it and uncomment the following
three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dependency-review.yml
b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..63e1ec9
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,42 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a
Pull Request, surfacing known-vulnerable versions of the packages declared or
updated in the PR. Once installed, if the workflow run is marked as required,
PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation:
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
diff --git a/.github/workflows/go-platform-test-report.yml
b/.github/workflows/go-platform-test-report.yml
new file mode 100644
index 0000000..cb69ad8
--- /dev/null
+++ b/.github/workflows/go-platform-test-report.yml
@@ -0,0 +1,45 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: 'Go Platform Test Report'
+
+on:
+ workflow_run:
+ workflows: [ 'Go Platform compatibility' ]
+ types:
+ - completed
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ report:
+ strategy:
+ matrix:
+ # 8 not anymore supported for building
+ java: [ 17 ]
+ os: [ ubuntu-latest, macos-latest, windows-latest ]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: dorny/test-reporter@v1
+ with:
+ artifact: "golang-test-report-${{ matrix.os }}"
+ name: "Golang Tests (OS: ${{ matrix.os }})"
+ path: '**/*.xml'
+ reporter: java-junit
\ No newline at end of file
diff --git a/.github/workflows/go-platform.yml
b/.github/workflows/go-platform.yml
new file mode 100644
index 0000000..2795d84
--- /dev/null
+++ b/.github/workflows/go-platform.yml
@@ -0,0 +1,207 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: "Go Platform compatibility"
+
+on:
+ push:
+ branches: [ "develop", "plc4go" ]
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4go**
+ pull_request:
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4go**
+ workflow_dispatch:
+ inputs:
+ forceUpdates:
+ description: "Forces a snapshot update"
+ required: false
+ default: 'false'
+ highLogPrecision:
+ description: "sets the logs to nano resolution"
+ required: false
+ default: 'false'
+ passLoggerToModel:
+ description: "passes the logger to the model"
+ required: false
+ default: 'false'
+ receiveTimeout:
+ description: "sets the receive timeout to milliseconds"
+ required: false
+ default: '600000'
+ traceTransactionManagerWorkers:
+ description: "sets tracing for transaction manager workers"
+ required: false
+ default: 'false'
+ traceTransactionManagerTransactions:
+ description: "sets tracing for transaction manager transactions"
+ required: false
+ default: 'false'
+ traceDefaultMessageCodecWorker:
+ description: "sets tracing for the default message codec worker"
+ required: false
+ default: 'false'
+ traceExecutorWorkers:
+ description: "sets tracing for executor workers"
+ required: false
+ default: 'false'
+ traceTestTransportInstance:
+ description: "sets tracing for test transport instance"
+ required: false
+ default: 'false'
+
+env:
+ PLC4X_TEST_HIGH_TEST_LOG_PRECISION: ${{ github.event.inputs.highLogPrecision
}}
+ PLC4X_TEST_PASS_LOGGER_TO_MODEL: ${{ github.event.inputs.passLoggerToModel }}
+ PLC4X_TEST_RECEIVE_TIMEOUT_MS: ${{ github.event.inputs.receiveTimeout }}
+ PLC4X_TEST_TRACE_TRANSACTION_MANAGER_WORKERS: ${{
github.event.inputs.traceTransactionManagerWorkers }}
+ PLC4X_TEST_TRACE_TRANSACTION_MANAGER_TRANSACTIONS: ${{
github.event.inputs.traceTransactionManagerTransactions }}
+ PLC4X_TEST_TRACE_DEFAULT_MESSAGE_CODEC_WORKER: ${{
github.event.inputs.traceDefaultMessageCodecWorker }}
+ PLC4X_TEST_TRACE_EXECUTOR_WORKERS: ${{
github.event.inputs.traceExecutorWorkers }}
+ PLC4X_TEST_TEST_TRANSPORT_INSTANCE: ${{
github.event.inputs.traceTestTransportInstance }}
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ test:
+ strategy:
+ matrix:
+ # 8 not anymore supported for building
+ java: [ 17 ]
+ os: [ ubuntu-latest, macos-latest, windows-latest ]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install libpcap for Linux
+ if: matrix.os == 'ubuntu-latest'
+ run: sudo apt-get install libpcap-dev
+
+ - name: Install libpcap for macos
+ if: matrix.os == 'macos-latest'
+ run: brew install libpcap
+
+ - name: Install libpcap for windows
+ if: matrix.os == 'windows-latest'
+ run: choco install -y nmap
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'adopt'
+ java-package: jdk
+ java-version: ${{ matrix.java }}
+
+ - name: Cache local Maven repository
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-maven-
+
+ - name: Set Platform options
+ id: platform_opts
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_opts', ``)
+ } else if (OS.includes("macos")) {
+ core.setOutput('platform_opts', `-Djna.library.path="$(find
/usr/local/Cellar/libpcap/ -name lib)"`)
+ } else if (OS.includes("ubuntu")) {
+ core.setOutput('platform_opts', ``)
+ } else {
+ core.setOutput('platform_opts', ``)
+ }
+
+ - name: Calculate platform suffix
+ id: platform_suffix
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_suffix', `.cmd`)
+ } else {
+ core.setOutput('platform_suffix', ``)
+ }
+
+ - name: Set extra options
+ id: extra_options
+ uses: actions/github-script@v7.0.1
+ env:
+ FORCE_UPDATE: ${{ github.event.inputs.forceUpdates }}
+ with:
+ script: |
+ const { FORCE_UPDATE } = process.env
+ if (FORCE_UPDATE.includes("true")) {
+ core.setOutput('extra_options', `-U`)
+ } else {
+ core.setOutput('extra_options', ``)
+ }
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: go
+
+ - name: Check LongPathsEnabled on Windows
+ if: matrix.os == 'windows-latest'
+ run: |
+ (Get-ItemProperty
"HKLM:System\CurrentControlSet\Control\FileSystem").LongPathsEnabled
+
+ # Note: due to github has no concept of recovering from a fail even if
we have our fallback below we append a second un-parallel run behind this to be
sure that it works with all checks. Only if that fails too we are ok with a
"red" (which should be yellow) cross indicating a problem
+ - name: Run mvnw
+ run: |
+ ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-go,enable-all-checks,update-generated-code' -pl :plc4go -am ${{
steps.platform_opts.outputs.platform_opts }} install
+
+ - name: Upload Test Report (first failure)
+ uses: actions/upload-artifact@v4
+ if: failure()
+ with:
+ name: "golang-test-report-first-failure-${{ matrix.os }}"
+ path: |
+ **/surefire-reports/go-junit-report.xml
+ **/reports/test-out-verbose.log
+
+ - name: Run mvnv without BacNet regression tests
+ if: ${{ failure() }}
+ run: ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-go,skip-bacnet-regression-test,update-generated-code' -pl :plc4go -am
${{ steps.platform_opts.outputs.platform_opts }} install
+
+ - name: Upload Test Report
+ uses: actions/upload-artifact@v4
+ if: success() || failure()
+ with:
+ name: "golang-test-report-${{ matrix.os }}"
+ path: |
+ **/surefire-reports/go-junit-report.xml
+ **/reports/test-out-verbose.log
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/java-platform-test-report.yml
b/.github/workflows/java-platform-test-report.yml
new file mode 100644
index 0000000..72962a7
--- /dev/null
+++ b/.github/workflows/java-platform-test-report.yml
@@ -0,0 +1,46 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: 'Java Platform Test Report'
+
+on:
+ workflow_run:
+ workflows: [ 'Java Platform compatibility' ]
+ types:
+ - completed
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ report:
+ strategy:
+ matrix:
+ java: [ 11, 17, 21 ]
+ # TODO: only works on windows due to
https://github.com/dorny/test-reporter/issues/249
+ #os: [ ubuntu-latest, macos-latest, windows-latest ]
+ os: [ windows-latest ]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: dorny/test-reporter@v1
+ with:
+ artifact: "java-test-report-${{ matrix.os }}-java-${{ matrix.java }}"
+ name: "Java Tests (OS: ${{ matrix.os }}, Java: ${{ matrix.java }})"
+ path: '**/*.xml'
+ reporter: java-junit
\ No newline at end of file
diff --git a/.github/workflows/java-platform.yml
b/.github/workflows/java-platform.yml
new file mode 100644
index 0000000..77a9a9e
--- /dev/null
+++ b/.github/workflows/java-platform.yml
@@ -0,0 +1,160 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: "Java Platform compatibility"
+
+on:
+ push:
+ branches: [ "develop", "plc4j" ]
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4j**
+ - pom.xml
+ pull_request:
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4j**
+ - pom.xml
+ workflow_dispatch:
+ inputs:
+ forceUpdates:
+ description: "Forces a snapshot update"
+ required: false
+ default: 'false'
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ test:
+ strategy:
+ matrix:
+ # 8 not anymore supported for building
+ java: [ 11, 17, 21 ]
+ os: [ ubuntu-latest, macos-latest, windows-latest ]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install libpcap for Linux
+ if: matrix.os == 'ubuntu-latest'
+ run: sudo apt-get install libpcap-dev
+
+ - name: Install libpcap for macos
+ if: matrix.os == 'macos-latest'
+ run: brew install libpcap
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'adopt'
+ java-package: jdk
+ java-version: ${{ matrix.java }}
+
+ - name: Cache local Maven repository
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-maven-
+
+ - name: Set Platform options
+ id: platform_opts
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_opts', ``)
+ } else if (OS.includes("macos")) {
+ core.setOutput('platform_opts', `-Djna.library.path="$(find
/usr/local/Cellar/libpcap/ -name lib)"`)
+ } else if (OS.includes("ubuntu")) {
+ core.setOutput('platform_opts', ``)
+ } else {
+ core.setOutput('platform_opts', ``)
+ }
+
+ - name: Calculate platform suffix
+ id: platform_suffix
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_suffix', `.cmd`)
+ } else {
+ core.setOutput('platform_suffix', ``)
+ }
+
+ - name: Set extra options
+ id: extra_options
+ uses: actions/github-script@v7.0.1
+ env:
+ FORCE_UPDATE: ${{ github.event.inputs.forceUpdates }}
+ with:
+ script: |
+ const { FORCE_UPDATE } = process.env
+ if (FORCE_UPDATE.includes("true")) {
+ core.setOutput('extra_options', `-U`)
+ } else {
+ core.setOutput('extra_options', ``)
+ }
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: java
+
+ # Note: due to github has no concept of recovering from a fail even if
we have our fallback below we append a second un-parallel run behind this to be
sure that it works with all checks. Only if that fails too we are ok with a
"red" (which should be yellow) cross indicating a problem
+ - name: Run mvnw
+ run: |
+ ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-java,enable-all-checks,update-generated-code' ${{
steps.platform_opts.outputs.platform_opts }} install
+
+ - name: Upload Test Report (first failure)
+ uses: actions/upload-artifact@v4
+ if: failure()
+ with:
+ name: "java-test-report-first-failure-${{ matrix.os }}-java-${{
matrix.java }}"
+ path: |
+ **/surefire-reports/TEST-*.xml
+ **/failsafe-reports/TEST-*.xml
+
+ - name: Run mvnv without BacNet regression tests
+ if: ${{ failure() }}
+ run: ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-java,skip-bacnet-regression-test,update-generated-code' ${{
steps.platform_opts.outputs.platform_opts }} install
+
+ - name: Upload Test Report
+ uses: actions/upload-artifact@v4
+ if: success() || failure()
+ with:
+ name: "java-test-report-${{ matrix.os }}-java-${{ matrix.java }}"
+ path: |
+ **/surefire-reports/TEST-*.xml
+ **/failsafe-reports/TEST-*.xml
+
+# - name: Perform CodeQL Analysis
+# uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/python-platform.yml
b/.github/workflows/python-platform.yml
new file mode 100644
index 0000000..54e7463
--- /dev/null
+++ b/.github/workflows/python-platform.yml
@@ -0,0 +1,153 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: "Python Platform Compatibility"
+
+on:
+ push:
+ branches: [ "develop", "plc4py" ]
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4py**
+ pull_request:
+ branches: [ "develop", "plc4py" ]
+ paths:
+ - code-generation/**
+ - protocols/**
+ - plc4py**
+ workflow_dispatch:
+ inputs:
+ forceUpdates:
+ description: "Forces a snapshot update"
+ required: false
+ default: 'false'
+
+permissions:
+ contents: read
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ test:
+ strategy:
+ matrix:
+ python-version: [ '3.7', '3.8', '3.9', '3.10', '3.11' ]
+ os: [ ubuntu-latest, macos-latest, windows-latest ]
+ fail-fast: false
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install libpcap for Linux
+ if: matrix.os == 'ubuntu-latest'
+ run: sudo apt-get install libpcap-dev
+
+ - name: Install libpcap for macos
+ if: matrix.os == 'macos-latest'
+ run: brew install libpcap
+
+ - uses: actions/checkout@v4
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '${{ matrix.python-version }}'
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'adopt'
+ java-package: jdk
+ java-version: 17
+
+ - name: Set Platform options
+ id: platform_opts
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_opts', ``)
+ } else if (OS.includes("macos")) {
+ core.setOutput('platform_opts', `-Djna.library.path="$(find
/usr/local/Cellar/libpcap/ -name lib)"`)
+ } else if (OS.includes("ubuntu")) {
+ core.setOutput('platform_opts', ``)
+ } else {
+ core.setOutput('platform_opts', ``)
+ }
+
+ - name: Calculate platform suffix
+ id: platform_suffix
+ uses: actions/github-script@v7.0.1
+ env:
+ OS: ${{ matrix.os }}
+ with:
+ script: |
+ const { OS } = process.env
+ if (OS.includes("windows")) {
+ core.setOutput('platform_suffix', `.cmd`)
+ } else {
+ core.setOutput('platform_suffix', ``)
+ }
+
+ - name: Set extra options
+ id: extra_options
+ uses: actions/github-script@v7.0.1
+ env:
+ FORCE_UPDATE: ${{ github.event.inputs.forceUpdates }}
+ with:
+ script: |
+ const { FORCE_UPDATE } = process.env
+ if (FORCE_UPDATE.includes("true")) {
+ core.setOutput('extra_options', `-U`)
+ } else {
+ core.setOutput('extra_options', ``)
+ }
+
+ - name: Cache local Maven repository
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-maven-
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8 pytest
+
+# - name: Lint with flake8
+# run: |
+# # stop the build if there are Python syntax errors or undefined
names
+# flake8 ./plc4py --count --select=E9,F63,F7,F82 --show-source
--statistics
+# # exit-zero treats all errors as warnings. The GitHub editor is 127
chars wide
+# flake8 ./plc4py --count --exit-zero --max-complexity=10
--max-line-length=127 --statistics
+
+# - name: Initialize CodeQL
+# uses: github/codeql-action/init@v2
+# with:
+# languages: python
+
+ - name: Run mvnw
+ run: |
+ ./mvnw${{ steps.platform_suffix.outputs.platform_suffix }} ${{
steps.extra_options.outputs.extra_options }} -B
-P'with-python,enable-all-checks,update-generated-code' -pl :plc4py -am ${{
steps.platform_opts.outputs.platform_opts }} install
+
+# - name: Perform CodeQL Analysis
+# uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/release-drafter.yml
b/.github/workflows/release-drafter.yml
new file mode 100644
index 0000000..7d4b7c0
--- /dev/null
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,61 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: Release Drafter
+
+on:
+ push:
+ branches:
+ - develop
+ # pull_request event is required only for autolabeler
+ pull_request:
+ # Only following types are handled by the action, but one can default to
all as well
+ types: [opened, reopened, synchronize]
+ # pull_request_target event is required for autolabeler to support PRs from
forks
+ # pull_request_target:
+ # types: [opened, reopened, synchronize]
+
+permissions:
+ contents: read
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ update_release_draft:
+ permissions:
+ # write permission is required to create a github release
+ contents: write
+ # write permission is required for autolabeler
+ # otherwise, read permission is required at least
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ # (Optional) GitHub Enterprise requires GHE_HOST variable set
+ #- name: Set GHE_HOST
+ # run: |
+ # echo "GHE_HOST=${GITHUB_SERVER_URL##https:\/\/}" >> $GITHUB_ENV
+
+ # Drafts your next Release notes as Pull Requests are merged into
"master"
+ - uses: release-drafter/release-drafter@v6
+ # (Optional) specify config name to use, relative to .github/.
Default: release-drafter.yml
+ # with:
+ # config-name: my-config.yml
+ # disable-autolabeler: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/sast.yaml b/.github/workflows/sast.yaml
new file mode 100644
index 0000000..153522b
--- /dev/null
+++ b/.github/workflows/sast.yaml
@@ -0,0 +1,52 @@
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+name: Static Application Security Testing
+
+on:
+ push:
+ branches:
+ - develop
+ pull_request:
+
+env:
+ GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ build:
+ name: Trivy Scan
+ runs-on: ubuntu-latest
+ # Disabling this, as it keeps on randomly failing the build without
providing any information helping to fix it.
+ if: false
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
