This repository was archived by the owner on Mar 20, 2026. It is now read-only.

Add TRACE logging for Hibernate parameter binding (temporary for demo) #2

Workflow file for this run

	name: CI Pipeline

	on:
	push:
	branches: [ main, develop ]
	pull_request:
	branches: [ main ]

	jobs:
	build-and-test:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: gradle

	- name: Grant execute permission for gradlew
	run: chmod +x gradlew

	- name: Build project
	run: ./gradlew build -x test --no-daemon

	- name: Run tests
	run: ./gradlew test --no-daemon

	- name: Generate JaCoCo coverage report
	run: ./gradlew jacocoTestReport --no-daemon

	- name: Upload JaCoCo coverage report
	uses: actions/upload-artifact@v4
	with:
	name: jacoco-report
	path: build/reports/jacoco/html/
	retention-days: 14

	- name: Upload test results
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: test-results
	path: build/reports/tests/test/
	retention-days: 14

	- name: JaCoCo Coverage Summary
	if: always()
	run: \|
	if [ -f build/reports/jacoco/html/index.html ]; then
	echo "### JaCoCo Coverage Report Generated" >> $GITHUB_STEP_SUMMARY
	echo "Coverage report uploaded as artifact." >> $GITHUB_STEP_SUMMARY
	fi

	security-scan:
	runs-on: ubuntu-latest
	needs: build-and-test # Run after tests pass

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: gradle

	- name: Grant execute permission for gradlew
	run: chmod +x gradlew

	- name: Run OWASP Dependency Check
	run: ./gradlew dependencyCheckAnalyze --no-daemon
	continue-on-error: true # Don't fail build on first run (takes time to download CVE database)

	- name: Upload OWASP Dependency Check Report
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: dependency-check-report
	path: build/reports/dependency-check-report.html
	retention-days: 14

	- name: Check for high severity vulnerabilities
	run: \|
	if [ -f build/reports/dependency-check-report.json ]; then
	HIGH_COUNT=$(cat build/reports/dependency-check-report.json \| grep -c '"severity" : "HIGH"' \|\| true)
	CRITICAL_COUNT=$(cat build/reports/dependency-check-report.json \| grep -c '"severity" : "CRITICAL"' \|\| true)
	echo "High severity: $HIGH_COUNT, Critical severity: $CRITICAL_COUNT"
	if [ "$CRITICAL_COUNT" -gt 0 ]; then
	echo "::error::Critical vulnerabilities found!"
	exit 1
	fi
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add TRACE logging for Hibernate parameter binding (temporary for demo) #2

Workflow file

Add TRACE logging for Hibernate parameter binding (temporary for demo) #2

Uh oh!

Workflow file for this run