build-and-test.yml

name: Build and test with Gradle

on: [workflow_dispatch, workflow_call, push, pull_request]

jobs:
  build:
    runs-on: ${{ matrix.os }}
    permissions:
      security-events: write
      actions: read
      contents: read
    strategy:
      fail-fast: false
      matrix:
        java: [ '17', '21' ]
        os: [ 'ubuntu-latest' ]
    name: Java ${{ matrix.Java }}
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: '1'
      - name: Setup java
        uses: actions/setup-java@v2
        with:
          distribution: 'zulu'
          java-version: ${{ matrix.java }}
      - name: "Build and test"
        shell: bash
        run: |
          java -version
          javac -version
          ./gradlew --no-daemon check -x spotBugsMain -x shadowJar

      - name: Publish Build
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: build-${{ github.run_number }}-${{ matrix.java }}
          path: ${{ github.workspace }}

  gradle-scan:
    name: Snyk gradle scan
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Run Snyk to check build.gradle for vulnerabilities
        uses: snyk/actions/gradle-jdk17@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: test
          args: --severity-threshold=high --org=f310ee2f-5552-444d-84ee-ec8c44c33adb