
chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 #260


Workflow file for this run

# CI workflow: a quality gate runs first, then tests, coverage, security scans
# and native-image size checks, followed by one aggregate status job.
name: CI

# Triggered by `pull_request` (not `pull_request_target`), so runs for pull
# requests from forks get a read-only GITHUB_TOKEN and no repository secrets.
on:
  pull_request:
    # Keep this list identical to the one under `push` below.
    paths:
      - 'src/**'
      - 'tests/**'
      - 'docs/**'
      - 'site/**'
      - 'scripts/**'
      - 'pom.xml'
      - '.mvn/**'
      - 'mvnw'
      - 'mvnw.cmd'
      - 'README.md'
      - 'CONTRIBUTING.md'
      - 'justfile'
      - '.gitignore'
      - '.github/workflows/**'
  push:
    branches:
      - master
    # Keep this list identical to the one under `pull_request` above.
    paths:
      - 'src/**'
      - 'tests/**'
      - 'docs/**'
      - 'site/**'
      - 'scripts/**'
      - 'pom.xml'
      - '.mvn/**'
      - 'mvnw'
      - 'mvnw.cmd'
      - 'README.md'
      - 'CONTRIBUTING.md'
      - 'justfile'
      - '.gitignore'
      - '.github/workflows/**'
  workflow_dispatch:

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. Scopes not listed here are set to none, so a job that needs more
# has to declare its own `permissions` block.
permissions:
  contents: read

# One active run per workflow and ref; a newer run cancels the older one.
# The group is keyed on github.ref, so this also applies to pushes to master.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  # Every `uses:` below is pinned to a full commit SHA. The trailing comment is
  # a human-readable label only and nothing checks it, so confirm it still
  # matches the pinned SHA whenever an action is bumped.

  # Gate job: workflow lint, docs build and link check, formatting, headless
  # compile. All other jobs declare `needs: quality`.
  quality:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # NOTE(review): `persist-credentials` is not set, so checkout keeps its
      # default of persisting the job token for later git commands while the
      # following steps run repository scripts. The token is read-only through
      # the workflow-level `permissions`; consider `persist-credentials: false`
      # if no script needs authenticated git access.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      # NOTE(review): the `github-check` reporter creates check runs, which
      # normally requires `checks: write`, while this workflow grants only
      # `contents: read`. Confirm findings are still surfaced rather than
      # silently dropped.
      - name: Lint GitHub workflows
        uses: reviewdog/action-actionlint@0d952c597ef8459f634d7145b0b044a9699e5e43 # v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          fail_level: error
          reporter: github-check

      - name: Set up Java 25
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: temurin
          java-version: '25'
          cache: maven

      - name: Set up Node 24
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version: '24'
          cache: npm
          cache-dependency-path: site/package-lock.json

      # `npm ci` installs exactly what site/package-lock.json records.
      - name: Install docs dependencies
        run: npm ci --prefix site

      - name: Docs build
        run: scripts/verify/docs-build.sh

      - name: Docs link check
        run: scripts/verify/docs-linkcheck.sh

      - name: Spotless check
        run: scripts/verify/format-check.sh

      - name: Headless profile compile check
        run: scripts/verify/headless-compile.sh

  # Runs the verification script on Linux, macOS and Windows. `fail-fast: false`
  # lets the remaining platforms finish when one of them fails.
  tests:
    name: Tests (${{ matrix.os }})
    needs: quality
    runs-on: ${{ matrix.os }}
    timeout-minutes: 15
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Set up Java 25
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: temurin
          java-version: '25'
          cache: maven

      # `shell: bash` is set explicitly because the matrix includes Windows.
      - name: Run tests
        shell: bash
        run: scripts/verify/verify.sh

  # Produces the JaCoCo report, stores it as a build artifact and sends it to
  # Codecov.
  coverage:
    name: Coverage
    needs: quality
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # Same scope as the workflow default, restated at job level.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Set up Java 25
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: temurin
          java-version: '25'
          cache: maven

      - name: Run tests with coverage
        run: scripts/verify/coverage.sh

      # `test -s` fails the step when the report is missing or empty.
      - name: Verify coverage files exist
        run: |
          test -s target/site/jacoco/jacoco.xml

      - name: Upload merged coverage report
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: jacoco-merged-report
          path: target/site/jacoco/
          retention-days: 14
          if-no-files-found: error

      # secrets.CODECOV_TOKEN is expanded only into this step's inputs; the
      # earlier steps that run repository code do not receive it. Pull requests
      # from forks (and, unless configured separately, from Dependabot) get an
      # empty token, and with `fail_ci_if_error: false` a failed upload does
      # not fail the job, so missing coverage data will not show up as red CI.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: target/site/jacoco/jacoco.xml
          fail_ci_if_error: false
          verbose: false

  # Dependency and vulnerability checks; each one fails the job on findings of
  # severity high or above.
  security:
    name: Security
    needs: quality
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # Same scope as the workflow default, restated at job level.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      # Runs for pull requests only; push and manual runs rely on the npm audit
      # and Trivy steps below.
      - name: Dependency review
        if: github.event_name == 'pull_request'
        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
        with:
          fail-on-severity: high

      - name: Set up Node 24
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
        with:
          node-version: '24'
          cache: npm
          cache-dependency-path: site/package-lock.json

      # `--package-lock-only` audits the lockfile without installing packages.
      - name: Audit docs dependencies
        run: npm audit --prefix site --audit-level=high --package-lock-only

      # Filesystem scan limited to library vulnerabilities of severity HIGH or
      # CRITICAL. `ignore-unfixed: true` leaves out findings that have no
      # released fix, and only the `vuln` scanner is enabled, so this step does
      # not look for secrets or misconfigurations.
      - name: Trivy vulnerability scan
        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln
          vuln-type: library
          severity: HIGH,CRITICAL
          ignore-unfixed: true
          exit-code: '1'
          format: table
          skip-dirs: .git,target,site/node_modules

  # Builds the headless and interactive native images and keeps the size
  # reports as an artifact.
  native-size:
    name: Native Size
    needs: quality
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      # The job token handed to this action carries only the workflow-level
      # `contents: read` scope.
      - name: Set up GraalVM 25
        uses: graalvm/setup-graalvm@54b4f5a65c1a84b2fdfdc2078fe43df32819e4b1 # v1
        with:
          distribution: graalvm
          java-version: '25'
          github-token: ${{ secrets.GITHUB_TOKEN }}
          cache: maven

      - name: Verify native-image toolchain
        run: native-image --version

      - name: Build headless native image
        shell: bash
        run: scripts/verify/native-size.sh headless

      - name: Build native image
        shell: bash
        run: scripts/verify/native-size.sh interactive

      - name: Upload native size reports
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: native-size-reports
          path: |
            target/native-size/
            target/quarkus-forge-build-report.html
            target/quarkus-forge-headless-build-report.html
          retention-days: 14
          if-no-files-found: error

  # Aggregate result. `if: always()` makes this job run even when an upstream
  # job failed or was skipped; any result other than "success" (including
  # "skipped" and "cancelled") fails it.
  ci-status:
    name: CI Status
    if: always()
    needs:
      - quality
      - tests
      - coverage
      - security
      - native-size
    runs-on: ubuntu-latest
    timeout-minutes: 1
    steps:
      # `${{ needs.<job>.result }}` is substituted into the script text before
      # bash runs it. These values are set by GitHub (success, failure,
      # cancelled, skipped), not by pull-request content, so inline expansion
      # is safe here; do not reuse the pattern for user-controlled contexts
      # such as PR titles or branch names.
      - name: Check CI results
        run: |
          if [[ "${{ needs.quality.result }}" != "success" || "${{ needs.tests.result }}" != "success" || "${{ needs.coverage.result }}" != "success" || "${{ needs.security.result }}" != "success" || "${{ needs.native-size.result }}" != "success" ]]; then
          echo "CI failed — see individual job logs above."
          exit 1
          fi
          echo "All CI checks passed."