LIBS-802 - Update dependencies and GH configuration (#7)

.github/workflows/nightly.yml

@@ -2,10 +2,12 @@ name: nightly
 
 on:
   schedule:
-    - cron: 0 0 * * *
+    - cron: 0 0 * * 1
 
 jobs:
-  build:
+  nightly:
+    timeout-minutes: 30
+
     runs-on: ubuntu-latest
 
     steps:
@@ -14,10 +16,11 @@ jobs:
         with:
           java-version: 11
 
-      - uses: actions/checkout@v1
+      - name: checkout
+        uses: actions/checkout@v2
 
       - name: caching
-        uses: actions/cache@v1
+        uses: actions/cache@v2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -34,12 +37,13 @@ jobs:
 
       - name: sonar-analyse
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_HOST: ${{ secrets.OS_SONAR_HOST_URL }}
+          SONAR_TOKEN: ${{ secrets.OS_SONAR_TOKEN }}
         run: |
           export SONAR_ORGANIZATION=$(echo ${GITHUB_REPOSITORY} | cut -d / -f 1)
           mvn sonar:sonar \
-            -Dsonar.host.url=https://sonarcloud.io/ \
-            -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
+            -Dsonar.host.url=${SONAR_HOST} \
+            -Dsonar.login=${SONAR_TOKEN} \
             -Dsonar.organization=${SONAR_ORGANIZATION} \
             -Dsonar.projectKey=${GITHUB_REPOSITORY//\//_} \
             -Dsonar.java.binaries=./target/classes

.github/workflows/release.yml

@@ -7,10 +7,13 @@ on:
 
 jobs:
   release:
+    timeout-minutes: 30
+
     env:
-      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     runs-on: ubuntu-latest
+
     steps:
       - name: setup-java
         uses: actions/setup-java@v1
@@ -25,31 +28,35 @@ jobs:
 
       - name: setup-gpg
         env:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-        run: echo ${GPG_PRIVATE_KEY} | base64 --decode | gpg --batch --import
+          GPG_PRIVATE_KEY: ${{ secrets.OS_GPG_PRIVATE_KEY }}
+        run: cat <(echo -e "${GPG_PRIVATE_KEY}") | gpg --batch --import
 
       - name: checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: caching
-        uses: actions/cache@v1
+        uses: actions/cache@v2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-maven-
 
       - name: deploy
         env:
-          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
-        run: mvn clean verify deploy -Dgpg.executable=gpg -Dgpg.passphrase=${GPG_PASSPHRASE}
+          OSSRH_USERNAME: ${{ secrets.OS_OSSRH_USERNAME }}
+          OSSRH_PASSWORD: ${{ secrets.OS_OSSRH_PASSWORD }}
+          GPG_PASSPHRASE: ${{ secrets.OS_GPG_PASSPHRASE }}
+        run: mvn deploy -Dmaven.wagon.http.pool=false -Dgpg.executable=gpg -Dgpg.passphrase=${GPG_PASSPHRASE}
 
       - name: sonar-analyse
+        env:
+          SONAR_HOST: ${{ secrets.OS_SONAR_HOST_URL }}
+          SONAR_TOKEN: ${{ secrets.OS_SONAR_TOKEN }}
         run: |
           export SONAR_ORGANIZATION=$(echo ${GITHUB_REPOSITORY} | cut -d / -f 1)
           mvn sonar:sonar \
-            -Dsonar.host.url=https://sonarcloud.io/ \
-            -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
+            -Dsonar.host.url=${SONAR_HOST} \
+            -Dsonar.login=${SONAR_TOKEN} \
             -Dsonar.organization=${SONAR_ORGANIZATION} \
             -Dsonar.projectKey=${GITHUB_REPOSITORY//\//_} \
             -Dsonar.java.binaries=./target/classes

.github/workflows/review.yml

@@ -5,7 +5,9 @@ on:
     types: [opened, synchronize]
 
 jobs:
-  build:
+  review:
+    timeout-minutes: 30
+
     runs-on: ubuntu-latest
 
     steps:
@@ -15,10 +17,44 @@ jobs:
           java-version: 11
 
       - name: checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.head_ref }}
+          token: ${{ secrets.GPR_TOKEN }}
+          fetch-depth: ''
+
+      - name: post-checkout
+        run: git fetch --prune --unshallow
+
+      - name: action-configuration-autoupdate
+        id: actions_action_configuration_autoupdate
+        uses: avides/actions-action-configuration-autoupdate@v1
+        with:
+          token: ${{ secrets.GPR_TOKEN }}
+          actions-configuration-files: os-java-library/nightly.yml,os-java-library/release.yml,os-java-library/review.yml
+          source-repository: ${{ secrets.ACTIONS_CONFIG_AUTOUPDATE_REPO }}
+
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          file_pattern: .github/workflows/*.yml
+          commit_user_name: ${{ secrets.ACTIONS_CONFIG_AUTOUPDATE_USER }}
+          commit_user_email: ${{ secrets.ACTIONS_CONFIG_AUTOUPDATE_EMAIL }}
+          commit_author: ${{ secrets.ACTIONS_CONFIG_AUTOUPDATE_AUTHOR }}
+          commit_message: Update GitHub Action configuration
+
+      - name: action-configuration-updated
+        if: ${{ steps.actions_action_configuration_autoupdate.outputs.updated }}
+        run: exit 1;
+
+      - name: project-version-check
+        uses: avides/actions-project-version-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          file-to-check: pom.xml
+          additional-files-to-check: README.md
 
       - name: caching
-        uses: actions/cache@v1
+        uses: actions/cache@v2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -35,17 +71,19 @@ jobs:
 
       - name: sonar-analyse
         env:
+          SONAR_HOST: ${{ secrets.OS_SONAR_HOST_URL }}
+          SONAR_TOKEN: ${{ secrets.OS_SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          export GITHUB_PULL_REQUEST=$(cut -d / -f 3 <(echo ${GITHUB_REF}))
           export SONAR_ORGANIZATION=$(echo ${GITHUB_REPOSITORY} | cut -d / -f 1)
           mvn sonar:sonar \
-            -Dsonar.host.url=https://sonarcloud.io/ \
-            -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
+            -Dsonar.host.url=${SONAR_HOST} \
+            -Dsonar.login=${SONAR_TOKEN} \
             -Dsonar.organization=${SONAR_ORGANIZATION} \
             -Dsonar.projectKey=${GITHUB_REPOSITORY//\//_} \
-            -Dsonar.pullrequest.key=${GITHUB_PULL_REQUEST} \
-            -Dsonar.pullrequest.branch=${GITHUB_REF} \
+            -Dsonar.pullrequest.key=${{ github.event.number }} \
+            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} \
+            -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \
             -Dsonar.java.binaries=./target/classes
 
       - name: pom-analyse

README.md

@@ -14,6 +14,6 @@ XML-streaming-parser with [XOM](http://www.xom.nu/ "XOM")-support
 <dependency>
 	<groupId>com.avides.xml</groupId>
 	<artifactId>sax-xom-parser</artifactId>
-	<version>2.0.1</version>
+	<version>2.1.0</version>
 </dependency>
 ```

pom.xml

@@ -3,7 +3,7 @@
 
   <groupId>com.avides.xml</groupId>
   <artifactId>sax-xom-parser</artifactId>
-  <version>2.0.1</version>
+  <version>2.1.0</version>
 
   <name>sax-xom-parser</name>
   <description>XML-streaming-parser with xom-support</description>
@@ -40,10 +40,10 @@
     <java.version>11</java.version>
     <!-- Testing -->
     <jacoco.version>0.8.5</jacoco.version>
-    <powermock.version>2.0.4</powermock.version>
-    <easymock.version>4.1</easymock.version>
-    <assertj.version>3.14.0</assertj.version>
-    <xpath-helper.version>0.5.3-RELEASE</xpath-helper.version>
+    <powermock.version>2.0.7</powermock.version>
+    <easymock.version>4.2</easymock.version>
+    <assertj.version>3.16.1</assertj.version>
+    <xpath-helper.version>0.6.0</xpath-helper.version>
     <!-- Build -->
     <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
     <maven-source-plugin.version>3.2.0</maven-source-plugin.version>