From e89b0f3c8bb41361c7f016b6696e714c01488f04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Volkan=20Yaz=C4=B1c=C4=B1?= <volkan@yazi.ci>
Date: Thu, 21 Dec 2023 13:45:21 +0100
Subject: [PATCH] Switch `logging-parent` refs in CI from hashes to tags

dependabot is not able to update `logging-parent` GHA
workflow references that use hashes[1][2].

Switching to tags is safe, since `rel/`-prefixed tags are
protected by INFRA.

[1] dependabot/dependabot-core#8654
[2] dependabot/dependabot-core#6269
---
 .github/workflows/build.yaml            | 9 +++------
 .github/workflows/merge-dependabot.yaml | 4 ++--
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c185a2a..9cff039 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -38,14 +38,14 @@ jobs:
 
   build:
     if: github.actor != 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
     with:
       site-enabled: true
 
   deploy-snapshot:
     needs: build
     if: github.repository == 'apache/logging-log4j-kotlin' && github.ref_name == 'main'
-    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/10.5.0
     # Secrets for deployments
     secrets:
       NEXUS_USER: ${{ secrets.NEXUS_USER }}
@@ -54,7 +54,7 @@ jobs:
   deploy-release:
     needs: build
     if: github.repository == 'apache/logging-log4j-kotlin' && startsWith(github.ref_name, 'release/')
-    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/10.5.0
     # Secrets for deployments
     secrets:
       GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
@@ -67,7 +67,4 @@ jobs:
       contents: write
     with:
       project-id: log4j-kotlin
-      distribution-attachment-filepath-pattern: |-
-        '^.*/target/log4j-api-kotlin-'${PROJECT_VERSION}'\\.jar$'
-      distribution-attachment-count: 1
       site-enabled: true
diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml
index ab601c9..02f090e 100644
--- a/.github/workflows/merge-dependabot.yaml
+++ b/.github/workflows/merge-dependabot.yaml
@@ -30,11 +30,11 @@ jobs:
 
   build:
     if: github.repository == 'apache/logging-log4j-kotlin' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
-    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
 
   merge-dependabot:
     needs: build
-    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+    uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/10.5.0
     permissions:
       contents: write                                             # to push changelog commits
       pull-requests: write                                        # to close the PR