Skip to content

chore: update GitHub Actions to use reusable workflows #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cuioss-oliver merged 3 commits into from
Feb 3, 2026
Merged

chore: update GitHub Actions to use reusable workflows #34

cuioss-oliver merged 3 commits into from
Feb 3, 2026

Conversation

@cuioss-oliver
Copy link
Collaborator

@cuioss-oliver cuioss-oliver commented Feb 2, 2026

Summary

  • Update project.yml to new structured schema format with IDE autocomplete support
  • Replace inline 109-line maven.yml with 19-line reusable workflow caller
  • Replace inline 86-line maven-release.yml with 20-line reusable release.yml caller
  • Add scorecards.yml for OpenSSF Scorecard security analysis
  • Add dependency-review.yml for PR dependency vulnerability scanning

Changes

project.yml

  • Added YAML Language Server schema reference for IDE validation
  • Migrated from flat fields (pages-reference, sonar-project-key) to structured sections
  • Added maven-build, sonar, and pages configuration sections
  • Enabled create-github-release: true for auto-generated release notes

Workflows

All workflows now call cuioss-organization reusable workflows pinned to v0.2.0 (SHA: 288f393bf5407c87ffd95c128cdf694761941308).

Before After Lines
maven.yml (inline) maven.yml (caller) 109 → 19
maven-release.yml (inline) release.yml (caller) 86 → 20
- scorecards.yml New
- dependency-review.yml New

Test Plan

  • Verify Maven Build workflow passes on this PR
  • Verify dependency-review workflow runs on this PR

🤖 Generated with Claude Code

cuioss-oliver and others added 3 commits February 2, 2026 22:30
@cuioss-oliver @claude
chore: update GitHub Actions to use reusable workflows
c4dc81f 
- Update project.yml to new structured schema format
- Replace inline maven.yml with reusable workflow caller
- Replace inline maven-release.yml with reusable release.yml caller
- Add scorecards.yml for OpenSSF Scorecard security analysis
- Add dependency-review.yml for PR dependency scanning

All workflows now call cuioss-organization reusable workflows
pinned to v0.2.0 (SHA: 288f393bf5407c87ffd95c128cdf694761941308)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@cuioss-oliver @claude
fix: correct SHA reference for reusable workflows
24fcab8 
The SHA 288f393... was incorrect. Using correct v0.2.0 SHA:
9ce5ba83776bab80eeffb695f7374e334cf6bd9f

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@cuioss-oliver @claude
fix: add chore/* to push triggers and permissions to dependency-review
45ee7c2 
- Add chore/* to maven.yml push triggers so builds run on chore branches
- Add required permissions to dependency-review.yml for reusable workflow

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@cuioss-oliver cuioss-oliver merged commit 86d2a1a into main Feb 3, 2026
10 of 12 checks passed
@cuioss-oliver cuioss-oliver deleted the chore/update-github-actions branch February 3, 2026 06:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cuioss-oliver