Johannes
/
gson-comments
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Upgrade GitHub actions & pin to commit hash (#2598) 

* Upgrade GitHub actions & pin to commit hash

The only exception is `google/oss-fuzz` which does not seem to have releases
or Git tags, so pinning might not make sense there.

Also adds `actions/setup-java` to the `codeql-analysis` workflow to
explicitly specify the JDK version to use (and to use the caching of
that action) instead of relying on the default JDK of the runner image.

* Enable Dependabot for GitHub actions

---------

Co-authored-by: Éamonn McManus <emcmanus@google.com>
This commit is contained in:
Marcono1234 2024-01-29 18:00:13 +01:00 committed by GitHub
parent 46ab704221
commit 87a391363e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 28 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/dependabot.yml vendored
View File

@ -4,3 +4,8 @@ updates:
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"

12
.github/workflows/build.yml vendored
View File

@ -19,9 +19,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: "Set up JDK ${{ matrix.java }}"
uses: actions/setup-java@v3
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
@ -35,9 +35,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: "Set up GraalVM"
uses: graalvm/setup-graalvm@v1
uses: graalvm/setup-graalvm@b8dc5fccfbc65b21dd26e8341e7b21c86547f61b # v1.1.5.1
with:
java-version: '17'
distribution: 'graalvm'
@ -54,9 +54,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: "Set up JDK 17"
uses: actions/setup-java@v3
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: 17

4
.github/workflows/check-android-compatibility.yml vendored
View File

@ -14,10 +14,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: '11'

8
.github/workflows/check-api-compatibility.yml vendored
View File

@ -10,13 +10,13 @@ jobs:
steps:
- name: Checkout old version
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ github.event.pull_request.base.sha }}
path: 'gson-old-japicmp'
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: '11'
@ -31,7 +31,7 @@ jobs:
mvn --batch-mode --no-transfer-progress install -DskipTests
- name: Checkout new version
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Check API compatibility
id: check-compatibility
@ -39,7 +39,7 @@ jobs:
mvn --batch-mode --fail-at-end --no-transfer-progress package japicmp:cmp -DskipTests
- name: Upload API differences artifacts
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
# Run on workflow success (in that case differences report might include added methods and classes)
# or when API compatibility check failed
if: success() || ( failure() && steps.check-compatibility.outcome == 'failure' )

2
.github/workflows/cifuzz.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
fuzz-seconds: 600
dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v1
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
if: failure() && steps.build.outcome == 'success'
with:
name: artifacts

21
.github/workflows/codeql-analysis.yml vendored
View File

@ -25,24 +25,23 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up JDK 17
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
# Initializes the CodeQL tools for scanning
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
with:
languages: ${{ matrix.language }}
# Run all security queries and maintainability and reliability queries
queries: +security-and-quality
- name: Cache local Maven repository
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
# Only compile main sources, but ignore test sources because findings for them might not
# be that relevant (though GitHub security view also allows filtering by source type)
# Can replace this with github/codeql-action/autobuild action to run complete build
@ -51,4 +50,4 @@ jobs:
mvn compile --batch-mode --no-transfer-progress
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0