This is an automated email from the ASF dual-hosted git repository. vy pushed a commit to branch gha-v0-fixCi in repository https://gitbox.apache.org/repos/asf/logging-parent.git
commit f3ed3eca6c6318769ab87d169fb6263bb7e09d54 Author: Volkan Yazıcı <[email protected]> AuthorDate: Thu Apr 30 12:20:03 2026 +0200 Remove Develocity and OSSH Scorecards --- .github/workflows/build-reusable.yaml | 44 --------------- .../workflows/scorecards-analysis-reusable.yaml | 66 ---------------------- 2 files changed, 110 deletions(-) diff --git a/.github/workflows/build-reusable.yaml b/.github/workflows/build-reusable.yaml index d7b39c0..79b8e12 100644 --- a/.github/workflows/build-reusable.yaml +++ b/.github/workflows/build-reusable.yaml @@ -20,10 +20,6 @@ name: build-reusable on: workflow_call: inputs: - develocity-enabled: - description: Enable Develocity Build Scan publication - default: false - type: boolean java-version: description: The Java compiler version default: 17 @@ -95,38 +91,6 @@ jobs: java-version: ${{ inputs.java-version }} cache: maven - - name: Set up Develocity - if: inputs.develocity-enabled - shell: bash - run: | - if [ -f .mvn/develocity.xml ]; then - DEVELOCITY_VERSION=$(./mvnw help:evaluate -q -DforceStdout -Dexpression=develocity-maven-plugin.version) - USER_DATA_VERSION=$(./mvnw help:evaluate -q -DforceStdout -Dexpression=develocity-user-data-extension.version) - cat >.mvn/extensions.xml <<EOF - <extensions> - <extension> - <groupId>com.gradle</groupId> - <artifactId>develocity-maven-extension</artifactId> - <version>$DEVELOCITY_VERSION</version> - </extension> - <extension> - <groupId>com.gradle</groupId> - <artifactId>common-custom-user-data-maven-extension</artifactId> - <version>$USER_DATA_VERSION</version> - </extension> - </extensions> - EOF - # Print file for debugging purposes - cat .mvn/extensions.xml - fi - - - name: Setup Develocity Build Scan capture - if: inputs.develocity-enabled - # INFRA-approved GHAs: https://github.com/apache/infrastructure-actions/blob/main/actions.yml - uses: gradle/develocity-actions/setup-maven@4a2aed82eea165ba2d5c494fc2a8730d7fdff229 # 2.1 - with: - develocity-access-key: ${{ secrets.DV_ACCESS_TOKEN }} - # We use `install` instead of `verify`, otherwise the build website step below fails - name: Build id: build @@ -148,14 +112,6 @@ jobs: **/target/surefire-reports **/target/logs - - name: Clean up Develocity - if: inputs.develocity-enabled - shell: bash - run: | - rm -f .mvn/extensions.xml - # Clean up changes introduced by gradle/develocity-actions/maven-setup - echo "MAVEN_OPTS=" >> "$GITHUB_ENV" - # Node.js cache is needed for Antora - name: Set up Node.js cache if: inputs.site-enabled diff --git a/.github/workflows/scorecards-analysis-reusable.yaml b/.github/workflows/scorecards-analysis-reusable.yaml deleted file mode 100644 index 49c482c..0000000 --- a/.github/workflows/scorecards-analysis-reusable.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to you under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -name: scorecards-analysis - -on: - workflow_call: - -# Explicitly drop all permissions inherited from the caller for security. -# Reference: https://docs.github.com/en/actions/sharing-automations/reusing-workflows#access-and-permissions -permissions: { } - -jobs: - - analysis: - name: "Scorecards analysis" - runs-on: ubuntu-latest - # Permissions required to publish Security Alerts - permissions: - security-events: write - - steps: - - - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 - with: - persist-credentials: false - - - name: "Run analysis" - # INFRA-approved GHAs: https://github.com/apache/infrastructure-actions/blob/main/actions.yml - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # 2.4.3 - with: - results_file: results.sarif - results_format: sarif - # A read-only PAT token, which is sufficient for the action to function. - # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188 - repo_token: ${{ secrets.GITHUB_TOKEN }} - # Publish the results for public repositories to enable scorecard badges. - # For more details: https://github.com/ossf/scorecard-action#publishing-results - publish_results: true - - - name: "Upload artifact" - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # 7.0.1 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # 4.35.1 - with: - sarif_file: results.sarif
