Mute snyk for tests, testing infrastructure, and docs #493

Workflow file for this run

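# CI workflow: builds the driver (optionally with Sonar analysis), runs the
# integration tests on several JDKs, runs the native-image tests, and gates
# on a Snyk dependency scan.
name: build

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.adoc'
      - 'CONTRIBUTING.adoc'
  pull_request:
    paths-ignore:
      - 'README.adoc'
      - 'CONTRIBUTING.adoc'

# Least privilege for the automatically issued GITHUB_TOKEN. Every job below
# executes project code (./mvnw) or third-party actions, so the token is kept
# read-only. Widen per job, not globally, if a step ever needs more.
permissions:
  contents: read
  pull-requests: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: 'Set up JDK'
        uses: actions/setup-java@v3
        with:
          distribution: zulu
          # Quoted so the version stays a string, as in the other jobs.
          java-version: '17'
      - name: 'Cache Maven packages'
        uses: actions/cache@v4
        with:
          path: ~/.m2
          # The key includes the commit SHA and there are no restore-keys, so
          # the cache is only shared between jobs running for the same commit.
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}
      # The next two steps are mutually exclusive. Runs from this repository
      # that are not triggered by Dependabot activate the `sonar` profile;
      # fork PRs and Dependabot runs deactivate it (`-P-sonar`), since
      # repository secrets such as SONAR_TOKEN are not passed to those runs.
      - name: 'Enable Sonar for local PRs not from Dependabot'
        if: ${{ github.event.sender.login != 'dependabot[bot]' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
        run: echo "USE_SONAR=sonar" >> "$GITHUB_ENV"
      - name: 'Disable Sonar for foreign PRs or from Dependabot'
        if: ${{ github.event.sender.login == 'dependabot[bot]' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) }}
        run: echo "USE_SONAR=-sonar" >> "$GITHUB_ENV"
      - name: 'Cache SonarQube packages'
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: 'Enable reusable Testcontainers'
        run: echo "testcontainers.reuse.enable=true" > ~/.testcontainers.properties
      - name: 'Checkout'
        uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
          # Do not leave the token in the checkout's git config, where the
          # build steps that follow could read it.
          persist-credentials: false
      - name: 'Clean and verify'
        # These secrets are visible to everything Maven runs in this step
        # (plugins, tests). On pull requests that is code from the PR branch.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: >
          ./mvnw --no-transfer-progress
          -P$USE_SONAR -Dsonar.projectKey=neo4j-jdbc -Dsonar.projectName='neo4j-jdbc'
          -am -pl neo4j-jdbc -pl neo4j-jdbc-bom -pl bundles/neo4j-jdbc-bundle -pl bundles/neo4j-jdbc-full-bundle
          clean install

  integration_tests:
    name: Integration tests using Java ${{ matrix.java }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        java: ['17', '21']
    needs: build
    steps:
      - name: 'Set up JDK'
        uses: actions/setup-java@v3
        with:
          distribution: zulu
          java-version: ${{ matrix.java }}
      - name: 'Cache Maven packages'
        uses: actions/cache@v4
        with:
          path: ~/.m2
          # Same key as in `build`: restores the ~/.m2 saved for this commit.
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}
      - name: 'Enable reusable Testcontainers'
        run: echo "testcontainers.reuse.enable=true" > ~/.testcontainers.properties
      - name: 'Checkout'
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: 'Ensure read permissions for neo4j.conf'
        run: chmod 640 neo4j-jdbc-it/neo4j-jdbc-it-cp/src/test/resources/cc/neo4j.conf
      - name: 'Run integration tests'
        run: >
          ./mvnw --no-transfer-progress
          -DskipUTs
          -f neo4j-jdbc-it
          clean verify

  native_build:
    name: Test using native image
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: 'Setup GraalVM'
        uses: graalvm/setup-graalvm@v1
        with:
          distribution: 'graalvm-community'
          java-version: '17'
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Cache Maven packages'
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}
      - name: 'Enable reusable Testcontainers'
        run: echo "testcontainers.reuse.enable=true" > ~/.testcontainers.properties
      - name: 'Checkout'
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: 'Run native tests'
        run: ./mvnw --no-transfer-progress -DskipUTs -Dnative clean verify -pl neo4j-jdbc-it/neo4j-jdbc-it-cp

  security_test:
    runs-on: ubuntu-latest
    # Skipped for fork PRs and Dependabot runs (same condition as the Sonar
    # step), so dependency changes arriving that way are not scanned here.
    if: ${{ github.event.sender.login != 'dependabot[bot]' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: 'Run Snyk to check for vulnerabilities'
        # NOTE(review): `@master` is a mutable branch ref and this step is
        # handed SNYK_TOKEN; whatever that branch points to at run time gets
        # the secret. Pin to a reviewed full-length commit SHA. The version
        # tags used by the other actions in this file are mutable as well.
        uses: snyk/actions/maven@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          # Only findings of severity high or above fail the job.
          # NOTE(review): besides tests, test infrastructure and docs, the
          # exclude list also names the bundle and text2cypher modules.
          # Confirm their dependencies are still covered by a scanned module.
          args: >-
            --severity-threshold=high --all-projects
            --exclude=dist,docs,etc,neo4j-jdbc-bundle,neo4j-jdbc-full-bundle,neo4j-jdbc-it,neo4j-jdbc-test-results,benchkit,neo4j-jdbc-text2cypher-translator,neo4j-jdbc-text2cypher-bundle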