From d63adf16ac5d9f763beeaa39932866ec83ee8172 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Volkan=20Yaz=C4=B1c=C4=B1?=
Date: Thu, 21 Dec 2023 13:50:15 +0100
Subject: [PATCH] Switch `logging-parent` refs in CI to tags
dependabot is not able to update `logging-parent` GHA workflow references that use hashes[1][2]. Switching to tags is safe, since `rel/`-prefixed tags are protected by INFRA.
[1] dependabot/dependabot-core#8654
[2] dependabot/dependabot-core#6269
---
 .github/workflows/build.yaml | 6 +++---
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/merge-dependabot.yaml | 4 ++--
 .github/workflows/scorecards-analysis.yml | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e170457..9eefb14 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -44,12 +44,12 @@ jobs:
 build:
 if: github.actor != 'dependabot[bot]'
- uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
 deploy-snapshot:
 needs: build
 if: github.repository == 'apache/logging-log4j-jmx-gui' && github.ref == 'refs/heads/main'
- uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/10.5.0
 # Secrets for deployments
 secrets:
 NEXUS_USER: ${{ secrets.NEXUS_USER }}
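Review bot: The new `@rel/10.5.0` references on `build` and `deploy-snapshot` are mutable Git refs where the removed 40-character commit hash was immutable, and `deploy-snapshot` passes `NEXUS_USER` to whatever the tag resolves to at run time. The integrity of these jobs now rests on the `rel/` tag protection in `apache/logging-parent` that the commit message cites, a control this repository can neither see nor enforce. I would record that assumption beside each reference, e.g. `# tag ref is deliberate: rel/* tags in apache/logging-parent are protected by INFRA`, and mention in the description that the target also moves from 10.4.0 to 10.5.0. The same point applies to the `deploy-release`, `codeql-analysis`, `merge-dependabot` and `scorecards-analysis` hunks; the `secrets:` mapping of `deploy-snapshot` continues past the end of this hunk.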
@@ -58,7 +58,7 @@ jobs:
 deploy-release:
 needs: build
 if: github.repository == 'apache/logging-log4j-jmx-gui' && startsWith(github.ref_name, 'release/')
- uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/10.5.0
 # Secrets for deployments
 secrets:
 GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 031e60d..e6bb117 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -31,7 +31,7 @@ permissions: read-all
 jobs:
 analyze:
- uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/10.5.0
 # Permissions required to publish Security Alerts
 permissions:
 actions: read
diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml
index 8c87dde..c2bdab2 100644
--- a/.github/workflows/merge-dependabot.yaml
+++ b/.github/workflows/merge-dependabot.yaml
@@ -30,11 +30,11 @@ jobs:
 build:
 if: github.repository == 'apache/logging-log4j-jmx-gui' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
- uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
 merge-dependabot:
 needs: build
- uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/10.5.0
 permissions:
 contents: write # to push changelog commits
 pull-requests: write # to close the PR
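Review bot: In `merge-dependabot.yaml` the tag-referenced workflows are the most privileged callers in this patch: `build` is gated on `pull_request_target` and `merge-dependabot` is granted `contents: write` and `pull-requests: write`, so the code the tag resolves to runs with a write-capable token. If hash pinning is dropped elsewhere for dependabot's sake, these two references are the ones I would keep pinned and update by hand, e.g. `uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@<commit-sha-of-rel/10.5.0> # 10.5.0` (placeholder, not a real hash). The `permissions:` block may continue past the end of the hunk.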
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 56e5ca6..c98f615 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -29,7 +29,7 @@ permissions: read-all
 jobs:
 analysis:
- uses: apache/logging-parent/.github/workflows/scorecards-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/scorecards-analysis-reusable.yaml@rel/10.5.0
 permissions:
 # Needed to upload the results to the code-scanning dashboard.
 security-events: write
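Review bot: The `analysis` job's tag reference will probably be reported by the very scan it runs: OpenSSF Scorecard's Pinned-Dependencies check looks for workflow dependencies that are not pinned by commit hash, though whether it evaluates job-level `uses:` of reusable workflows should be confirmed. If the score matters for this project, a comment above the line such as `# not hash-pinned on purpose: dependabot cannot update hash-pinned reusable workflows (dependabot/dependabot-core#8654)` documents the accepted finding. The job's `permissions:` block may continue beyond the hunk.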