IDEMPIERE-6121:github action fail by tycho update => setup maven to 3…

….9 (#2330)

* IDEMPIERE-6121:github action fail by tycho update => setup maven to 3.9

1. update maven to 9.3
2. step setup java generate 2 file
.m2/toolchains.xml
.m2/settings.xml

    bellow case make conflict

    1. setup java for java-17 => create toolchains.xml point to java-17 home
    2. cache save toolchains.xml
    3. update java to java-17.1 create toolchains.xml point to java-17.1 home
    4. cache restore old toolchains.xml make conflict because it point to java-17 home

so change to cache only .m2/repository

* IDEMPIERE-6121:github action fail by tycho update => setup maven to 3.9

update some action, add comment

.github/workflows/codeql-analysis.yml

@@ -35,33 +35,42 @@ jobs:
 
     # Install Java
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: '${{ env.java }}'
         distribution: ${{ env.java_distribution }}
+        check-latest: true
+
+    # setup maven to 3.9 for tycho
+    - name: Set up Maven
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: 3.9.6
 
     # on case PR it check out to commit is merger of PR to base (master)
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         # fetch all commit so sornar can know who change a line, it's resolved Warning:  Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
         fetch-depth: 0
 
+    # restore sonar cache
     - name: Cache sonar material restore
       id: cache-sonar-material-restore
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: |
           ~/.sonar/cache
         key: ${{ runner.os }}-sonar-${{ env.branch_name }}
 
+    # restore maven cache
     - name: Cache maven material restore
       id: cache-maven-material-restore
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: |
-          ~/.m2
-        key: ${{ runner.os }}-maven-${{ env.branch_name }}
+          ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ env.branch_name }}-repository
 
     # run sonar on master only because sonar for PR come from other repository isn't support at moment (already on develop) 
     # https://stackoverflow.com/a/39720346
@@ -78,19 +87,21 @@ jobs:
         codeql="-Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true"
         mvn -B -V -e $codeql $sonar $sonarProject $sonarExclusions package org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
 
+    # save sonar cache
     - name: Cache sonar material save
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: |
           ~/.sonar/cache
         key: ${{ steps.cache-sonar-material-restore.outputs.cache-primary-key }}
-
+
+    # save maven cache
     - name: Cache maven material save
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: |
-          ~/.m2
-        key: ${{ steps.cache-maven-material-restore.outputs.cache-primary-key }}
+          ~/.m2/repository
+        key: ${{ steps.cache-maven-material-restore.outputs.cache-primary-key }}-repository
 
   analyze_java_codeQL:
     name: Analyze java by code QL
@@ -103,26 +114,34 @@ jobs:
 
     # Install Java
     - name: Setup Java
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: '${{ env.java }}'
         distribution: ${{ env.java_distribution }}
+        check-latest: true
+
+    # setup maven to 3.9 for tycho
+    - name: Set up Maven
+      uses: stCarolas/setup-maven@v5
+      with:
+        maven-version: 3.9.6
 
     # on case PR it check out to commit is merger of PR to base (master)
     - name: Checkout repository
-      uses: actions/checkout@v3
-
+      uses: actions/checkout@v4
+
+    # restore maven cache
     - name: Cache maven material restore
       id: cache-maven-material-restore
-      uses: actions/cache/restore@v3
+      uses: actions/cache/restore@v4
       with:
         path: |
-          ~/.m2
-        key: ${{ runner.os }}-maven-${{ env.branch_name }}
+          ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ env.branch_name }}-repository
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: java
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -131,17 +150,18 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
 
+    # save maven cache
     - name: Cache maven material save
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@v4
       with:
         path: |
-          ~/.m2
-        key: ${{ steps.cache-maven-material-restore.outputs.cache-primary-key }}
+          ~/.m2/repository
+        key: ${{ steps.cache-maven-material-restore.outputs.cache-primary-key }}-repository
 
 
   analyze_javascript_codeQL:
@@ -155,12 +175,12 @@ jobs:
 
     # on case PR it check out to commit is merger of PR to base (master)
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: javascript
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3