From 15afbadf1be6a6a434908a28f54c52bc248c7f25 Mon Sep 17 00:00:00 2001 From: I538344 Date: Wed, 24 Sep 2025 14:51:42 +0200 Subject: [PATCH 1/2] chore: [DevOps] Added Maven cache --- .../workflows/cache-maven-dependencies.yaml | 45 +++++++++++++++++++ .github/workflows/continuous-integration.yaml | 10 +++++ .github/workflows/spec-update.yaml | 10 +++++ 3 files changed, 65 insertions(+) create mode 100644 .github/workflows/cache-maven-dependencies.yaml diff --git a/.github/workflows/cache-maven-dependencies.yaml b/.github/workflows/cache-maven-dependencies.yaml new file mode 100644 index 000000000..61c174bcd --- /dev/null +++ b/.github/workflows/cache-maven-dependencies.yaml @@ -0,0 +1,45 @@ +name: "Cache Maven Dependencies" + +on: + workflow_dispatch: + schedule: + - cron: '57 4 * * Sun' + +env: + MAVEN_CACHE_REF: refs/heads/main + MAVEN_CACHE_KEY: maven-dependencies + MAVEN_CACHE_DIR: ~/.m2 + +jobs: + update-cache: + runs-on: ubuntu-latest + steps: + - name: "Checkout" + uses: actions/checkout@v5 + with: + ref: ${{ env.MAVEN_CACHE_REF }} + + - name: "Setup Java" + uses: actions/setup-java@v5 + with: + distribution: "sapmachine" + java-version: 17 + + - name: "Download Dependencies" + run: mvn -B dependency:go-offline + + - name: "Delete Existing Caches" + run: | + CACHE_IDS=$(gh cache list --key "${{ env.MAVEN_CACHE_KEY }}" --ref "${{ env.MAVEN_CACHE_REF }}" --json id | jq -r '.[] | .id') + for CACHE_ID in $CACHE_IDS; do + echo "Deleting cache with ID: $CACHE_ID" + gh cache delete "${CACHE_ID}" + done + env: + GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }} + + - name: "Cache Dependencies" + uses: actions/cache/save@v4 + with: + path: ${{ env.MAVEN_CACHE_DIR }} + key: ${{ env.MAVEN_CACHE_KEY }} diff --git a/.github/workflows/continuous-integration.yaml b/.github/workflows/continuous-integration.yaml index 11eefc34f..3a7eeec0e 100644 --- a/.github/workflows/continuous-integration.yaml +++ b/.github/workflows/continuous-integration.yaml @@ -10,6 +10,9 @@ env: MVN_MULTI_THREADED_ARGS: --batch-mode --no-transfer-progress --fail-at-end --show-version --threads 1C MVN_SKIP_CI_PLUGINS: -DskipFormatting -Denforcer.skip -Djacoco.skip -Dmdep.analyze.skip JAVA_VERSION: 17 + # keep the following two variables in sync with our 'cache-maven-dependencies.yaml' workflow + MAVEN_CACHE_KEY: maven-dependencies + MAVEN_CACHE_DIR: ~/.m2 jobs: @@ -33,6 +36,13 @@ jobs: java-version: ${{ env.JAVA_VERSION }} cache: 'maven' + - name: "Restore Dependencies" + id: restore-dependencies + uses: actions/cache/restore@v4 + with: + key: ${{ env.MAVEN_CACHE_KEY }} + path: ${{ env.MAVEN_CACHE_DIR }} + - name: "REUSE Compliance Check" uses: fsfe/reuse-action@v5 diff --git a/.github/workflows/spec-update.yaml b/.github/workflows/spec-update.yaml index d8577bdbc..2f20742b3 100644 --- a/.github/workflows/spec-update.yaml +++ b/.github/workflows/spec-update.yaml @@ -27,6 +27,9 @@ on: env: MVN_MULTI_THREADED_ARGS: --batch-mode --no-transfer-progress --fail-at-end --show-version --threads 1C JAVA_VERSION: 17 + # keep the following two variables in sync with our 'cache-maven-dependencies.yaml' workflow + MAVEN_CACHE_KEY: maven-dependencies + MAVEN_CACHE_DIR: ~/.m2 jobs: generate: @@ -59,6 +62,13 @@ jobs: java-version: ${{ env.JAVA_VERSION }} cache: 'maven' + - name: "Restore Dependencies" + id: restore-dependencies + uses: actions/cache/restore@v4 + with: + key: ${{ env.MAVEN_CACHE_KEY }} + path: ${{ env.MAVEN_CACHE_DIR }} + - name: "Checkout or Create Branch" id: branch # Checkout branch if it exists, otherwise create it From 91713bf446e9779a9fd91158c4001c5e29b410ba Mon Sep 17 00:00:00 2001 From: Charles Dubois <103174266+CharlesDuboisSAP@users.noreply.github.com> Date: Wed, 24 Sep 2025 15:33:38 +0200 Subject: [PATCH 2/2] Potential fix for code scanning alert no. 19: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/cache-maven-dependencies.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cache-maven-dependencies.yaml b/.github/workflows/cache-maven-dependencies.yaml index 61c174bcd..c006433fd 100644 --- a/.github/workflows/cache-maven-dependencies.yaml +++ b/.github/workflows/cache-maven-dependencies.yaml @@ -1,4 +1,6 @@ name: "Cache Maven Dependencies" +permissions: + contents: read on: workflow_dispatch: