updated workflow with workload identity federation

.github/workflows/database-goodies.yaml

@@ -4,85 +4,88 @@ on:
   push:
   pull_request:
   workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *" 
 
 jobs:
   test:
     runs-on: ubuntu-latest
-    services:
-      postgres:
-        image: postgres:9.6
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-        options: >-
-          --health-cmd="pg_isready"
-          --health-interval=10s
-          --health-timeout=5s
-          --health-retries=5
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-    - name: Set up JDK 8
-      uses: actions/setup-java@v3
-      with:
-        java-version: '8'
-        distribution: 'adopt'
+      - name: Set up Oracle JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: 8
+          distribution: 'zulu'
+          cache: maven
 
-    - name: Cache Maven dependencies
-      uses: actions/cache@v3
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
+      - name: Copy Maven settings
+        run: |
+          mkdir -p $HOME/.m2
+          cp ./travis/maven-settings.xml $HOME/.m2/settings.xml
 
-    - name: Set up Maven settings
-      run: |
-        mkdir -p ~/.m2
-        cp ./travis/maven-settings.xml ~/.m2/settings.xml
-        sed -i "s/-SNAPSHOT/-github-build-${{ github.run_number }}/" pom.xml
+      - name: Update pom.xml version
+        run: |
+          sed -i "s/-SNAPSHOT/-build-${{ github.run_number }}/" pom.xml
 
-    - name: Create test database and user in PostgreSQL
-      run: |
-        psql -U postgres -c "create user test with password 'test';"
-        psql -c 'create database test owner test;' -U postgres
-      env:
-        PGPASSWORD: postgres
+      - name: Disable SourceClear except for cron jobs
+        run: |
+          if [ "${{ github.event_name }}" != "schedule" ]; then
+            export NOSCAN=1
+          fi
 
-    - name: Run tests
-      run: |
-        mvn -e test
-        mvn -e -Ppostgresql -Dpostgres.database.url=jdbc:postgresql:test \
-        -Dpostgres.database.user=test -Dpostgres.database.password=test verify
+      - name: Install PostgreSQL 9.6
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y postgresql-9.6 postgresql-contrib-9.6
 
-    - name: Print Surefire reports on failure
-      if: failure()
-      run: |
-        echo "\n=== SUREFIRE REPORTS ===\n"
-        for F in target/surefire-reports/*.txt; do echo $F; cat $F; echo; done
+      - name: Set up PostgreSQL 9.6
+        run: |
+          sudo service postgresql start
+          sudo -u postgres psql -c "create user test with password 'test';"
+          sudo -u postgres psql -c "create database test owner test;"
 
-  deploy_snapshots:
+      - name: Run tests
+        run: |
+          mvn -e test
+          mvn -e -Ppostgresql -Dpostgres.database.url=jdbc:postgresql:test -Dpostgres.database.user=test -Dpostgres.database.password=test verify
+
+      - name: Show test reports on failure
+        if: failure()
+        run: |
+          echo "\n=== SUREFIRE REPORTS ===\n"
+          for F in target/surefire-reports/*.txt; do echo $F; cat $F; echo; done
+
+  deploy-snapshots:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/master' && github.event_name == 'push'
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          project_id: 'som-rit-infrastructure-prod'
+          workload_identity_provider: 'projects/294515190965/locations/global/workloadIdentityPools/github/providers/susom-github'
+
+      - name: Set up Oracle JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: 8
+          distribution: 'zulu'
+          cache: maven
 
-    - name: Set up JDK 8
-      uses: actions/setup-java@v3
-      with:
-        java-version: '8'
-        distribution: 'adopt'
+      - name: Copy Maven settings
+        run: |
+          mkdir -p $HOME/.m2
+          cp ./travis/maven-settings.xml $HOME/.m2/settings.xml
 
-    - name: Set up Maven settings
-      run: |
-        mkdir -p ~/.m2
-        cp ./travis/maven-settings.xml ~/.m2/settings.xml
-        sed -i "s/-SNAPSHOT/-github-build-${{ github.run_number }}/" pom.xml
+      - name: Update pom.xml version
+        run: |
+          sed -i "s/-SNAPSHOT/-build-${{ github.run_number }}/" pom.xml
 
-    - name: Deploy Snapshots
-      run: |
-        mvn --batch-mode -e -DskipTests=true deploy
+      - name: Deploy snapshots
+        run: |
+          mvn --batch-mode -e -DskipTests=true deploy

pom.xml

@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
@@ -175,22 +174,6 @@
           </execution>
         </executions>
       </plugin>
-
-      <!-- NOTE: We are using the maven release plugin to deploy to Maven Central, see:
-           https://central.sonatype.org/pages/apache-maven.html#performing-a-release-deployment-with-the-maven-release-plugin
-           for explanation as to why the useReleaseProfile is set to false.
-      -->
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-release-plugin</artifactId>
-        <version>2.5.3</version>
-        <configuration>
-          <autoVersionSubmodules>true</autoVersionSubmodules>
-          <useReleaseProfile>false</useReleaseProfile>
-          <releaseProfiles>release</releaseProfiles>
-          <goals>deploy</goals>
-        </configuration>
-      </plugin>
     </plugins>
   </build>
 
@@ -422,49 +405,5 @@
         </dependency>
       </dependencies>
     </profile>
-
-    <profile>
-      <id>release</id>
-      <properties>
-        <gpg.executable>gpg</gpg.executable>
-        <gpg.keyname>${env.GPG_KEY_NAME}</gpg.keyname>
-        <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
-      </properties>
-      <distributionManagement>
-        <repository>
-          <id>ossrh</id>
-          <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-      </distributionManagement>
-      <build>
-        <plugins>
-          <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-gpg-plugin</artifactId>
-            <version>1.6</version>
-            <executions>
-              <execution>
-                <id>sign-artifacts</id>
-                <phase>verify</phase>
-                <goals>
-                  <goal>sign</goal>
-                </goals>
-              </execution>
-            </executions>
-          </plugin>
-          <plugin>
-            <groupId>org.sonatype.plugins</groupId>
-            <artifactId>nexus-staging-maven-plugin</artifactId>
-            <version>1.6.6</version>
-            <extensions>true</extensions>
-            <configuration>
-              <serverId>ossrh</serverId>
-              <nexusUrl>https://oss.sonatype.org/</nexusUrl>
-              <autoReleaseAfterClose>true</autoReleaseAfterClose>
-            </configuration>
-          </plugin>
-        </plugins>
-      </build>
-    </profile>
   </profiles>
-</project>
+</project>

travis/maven-settings.xml

@@ -1,17 +1,17 @@
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
-                      http://maven.apache.org/xsd/settings-1.0.0.xsd">
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
 
   <mirrors>
     <mirror>
       <mirrorOf>*,!artifact-registry</mirrorOf>
       <url>https://repo.maven.apache.org/maven2/</url>
     </mirror>
   </mirrors>
+
   <profiles>
     <profile>
-      <id>travis-ci</id>
+      <id>ci-build</id>
       <repositories>
         <repository>
           <id>artifact-registry</id>
@@ -35,39 +35,16 @@
           <url>https://repo.maven.apache.org/maven2</url>
         </pluginRepository>
       </pluginRepositories>
-
     </profile>
   </profiles>
 
   <activeProfiles>
-    <!--make the profile active all the time -->
-    <activeProfile>travis-ci</activeProfile>
+    <!-- Activate the CI profile -->
+    <activeProfile>ci-build</activeProfile>
   </activeProfiles>
 
   <servers>
-    <server>
-      <id>artifact-registry</id>
-      <configuration>
-        <httpConfiguration>
-          <get>
-            <usePreemptive>true</usePreemptive>
-          </get>
-          <head>
-            <usePreemptive>true</usePreemptive>
-          </head>
-          <put>
-            <params>
-              <property>
-                <name>http.protocol.expect-continue</name>
-                <value>false</value>
-              </property>
-            </params>
-          </put>
-        </httpConfiguration>
-      </configuration>
-      <username>_json_key_base64</username>
-      <password>${env.ARTIFACT_REGISTRY_KEY}</password>
-    </server>
+    <!-- Removed authentication credentials for Artifact Registry -->
     <server>
       <id>ossrh</id>
       <username>${env.OSSRH_USERNAME}</username>