build_maven_package.yml 1.0.1

fugerit79 · fugerit79 · commit 8ee361a90180 · 2024-02-17T17:42:48.000+01:00
Added DISABLE_MAVEN_DEPENDENCY_SUBMISSION variable
diff --git a/.github/workflows/build_maven_package.yml b/.github/workflows/build_maven_package.yml
@@ -1,6 +1,6 @@
 # CI with maven build and scan
 #
-# version 1.0.0
+# version 1.0.1
 #
 # see : https://universe.fugerit.org/src/docs/conventions/workflows/build_maven_package.html
 
@@ -58,7 +58,7 @@ jobs:
           # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Build and analyze
-        run: mvn -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage,full,metadata,sonarfugerit,buildreact -Dsonar.projectKey=fugerit-org_${{github.event.repository.name}}
+        run: mvn -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage,full,metadata,sonarfugerit -Dsonar.projectKey=fugerit-org_${{github.event.repository.name}}
         env:
           # Needed to get some information about the pull request, if any
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -67,4 +67,6 @@ jobs:
 
       # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
       - name: Update dependency graph
+        # if DISABLE_MAVEN_DEPENDENCY_SUBMISSION is set to true, skip this step
+        if: ${{ vars.DISABLE_MAVEN_DEPENDENCY_SUBMISSION != 'true' }}
         uses: advanced-security/maven-dependency-submission-action@main
diff --git a/src/docs/conventions/workflows/build_maven_package.md b/src/docs/conventions/workflows/build_maven_package.md
@@ -2,7 +2,7 @@
 
 This is a maven java workflow responsible for running maven build, scan and, in some cases, other actions like docker image build.
 
-**Version** : 1.0.0
+**Version** : 1.0.1
 
 There are a few steps which are always run : 
 
@@ -14,4 +14,13 @@ Optionally the workflow may :
 
 - Docker image build and push
 
-For an example of this project look at [build_maven_package.yml](https://github.com/fugerit-org/fj-doc/blob/main/.github/workflows/build_maven_package.yml)
+For an example of this project look at [build_maven_package.yml](https://github.com/fugerit-org/fj-doc/blob/main/.github/workflows/build_maven_package.yml)
+
+## step : Update dependency graph
+
+To fix the issue :
+[Github action broken with 4.0.1](https://github.com/advanced-security/maven-dependency-submission-action/issues/65)
+
+Setting github variable `DISABLE_MAVEN_DEPENDENCY_SUBMISSION` to `true`, the step will be disabled.
+
+It is possible to setup the variable at repository or account level.
