chore: pin GitHub Actions to SHA for supply chain security #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Build' | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release/** | |
| pull_request: | |
| jobs: | |
| build: | |
| name: Build Job ${{ matrix.os }} - Java ${{ matrix.java }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| # we want that the matrix keeps running, default is to cancel them if it fails. | |
| fail-fast: false | |
| matrix: | |
| # TODO: windows-latest | |
| os: [ubuntu-latest, macos-latest] | |
| # Zulu Community distribution of OpenJDK | |
| java: ['17'] | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 | |
| - name: 'Set up Java: ${{ matrix.java }}' | |
| uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3 | |
| with: | |
| java-version: ${{ matrix.java }} | |
| distribution: 'temurin' | |
| - name: Cache Gradle packages | |
| uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| # Clean, check formatting, build and do a dry release | |
| - name: Make all | |
| run: make all | |
| # We stop gradle at the end to make sure the cache folders | |
| # don't contain any lock files and are free to be cached. | |
| - name: Make stop | |
| run: make stop | |
| - name: Archive packages | |
| # We need artifacts from only one the builds | |
| if: runner.os == 'Linux' && matrix.java == '17' | |
| uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 | |
| with: | |
| name: ${{ github.sha }} | |
| if-no-files-found: error | |
| path: | | |
| ./*/build/distributions/*.zip | |
| ./sentry-android-ndk/build/intermediates/merged_native_libs/release/out/lib/* | |
| - name: Upload coverage to Codecov | |
| # We need coverage data from only one the builds | |
| if: runner.os == 'Linux' && matrix.java == '17' | |
| uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # pin@v3 | |
| with: | |
| name: sentry-java |