From c683687ddccd1f90af85c58fa16a6ab260ea3fef Mon Sep 17 00:00:00 2001
From: Mend Renovate
Date: Tue, 1 Aug 2023 02:15:31 +0200
Subject: [PATCH] chore(deps): update github-actions (#2493)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | digest | `cd89f46` -> `b943a4e` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action | minor | `v3.11.0` -> `v3.12.0` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action | digest | `5ffc13f` -> `cd89f46` |
| [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.21.0` -> `v2.21.2` |
| [gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action) | action | minor | `v2.6.1` -> `v2.7.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

### Release Notes

actions/setup-java (actions/setup-java)

### [`v3.12.0`](https://togithub.com/actions/setup-java/releases/tag/v3.12.0)

[Compare Source](https://togithub.com/actions/setup-java/compare/v3.11.0...v3.12.0)

In scope of this release the following changes were made:

**Bug fixes:**

- Always check postfix "Contents/Home" on macOS by [@erwin1](https://togithub.com/erwin1) in [https://github.com/actions/setup-java/pull/397](https://togithub.com/actions/setup-java/pull/397)
- Fix sbt/scala cache key by [@Dogacel](https://togithub.com/Dogacel) in [https://github.com/actions/setup-java/pull/478](https://togithub.com/actions/setup-java/pull/478)
- Corretto toolcache folder name fix by [@IvanZosimov](https://togithub.com/IvanZosimov) in [https://github.com/actions/setup-java/pull/480](https://togithub.com/actions/setup-java/pull/480)
- Update versions of Oracle JDK and Microsoft Build of OpenJDK by [@anishi1222](https://togithub.com/anishi1222) in [https://github.com/actions/setup-java/pull/489](https://togithub.com/actions/setup-java/pull/489)
- Update Oracle JDK download URL calculation by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-java/pull/507](https://togithub.com/actions/setup-java/pull/507)

**Feature implementations:**

- Add versions properties to cache by [@Endi327](https://togithub.com/Endi327) in [https://github.com/actions/setup-java/pull/280](https://togithub.com/actions/setup-java/pull/280)

**Resolving dependencies issues:**

- Remove implicit dependencies by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-java/pull/494](https://togithub.com/actions/setup-java/pull/494)
- Update xml2js by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-java/pull/484](https://togithub.com/actions/setup-java/pull/484)
- Update dependencies by [@IvanZosimov](https://togithub.com/IvanZosimov) in [https://github.com/actions/setup-java/pull/511](https://togithub.com/actions/setup-java/pull/511)

**Infrastructure updates:**

- Fix glob bug in package.json scripts section by [@IvanZosimov](https://togithub.com/IvanZosimov) in [https://github.com/actions/setup-java/pull/475](https://togithub.com/actions/setup-java/pull/475)
- Update mocks by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-java/pull/498](https://togithub.com/actions/setup-java/pull/498)

**Documentation changes:**

- Instruction to download custom distribution JDK and install by [@ragsmpl](https://togithub.com/ragsmpl) in [https://github.com/actions/setup-java/pull/500](https://togithub.com/actions/setup-java/pull/500)

#### New Contributors

- [@erwin1](https://togithub.com/erwin1) made their first contribution in [https://github.com/actions/setup-java/pull/397](https://togithub.com/actions/setup-java/pull/397)
- [@Dogacel](https://togithub.com/Dogacel) made their first contribution in [https://github.com/actions/setup-java/pull/478](https://togithub.com/actions/setup-java/pull/478)
- [@anishi1222](https://togithub.com/anishi1222) made their first contribution in [https://github.com/actions/setup-java/pull/489](https://togithub.com/actions/setup-java/pull/489)
- [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) made their first contribution in [https://github.com/actions/setup-java/pull/498](https://togithub.com/actions/setup-java/pull/498)
- [@ragsmpl](https://togithub.com/ragsmpl) made their first contribution in [https://github.com/actions/setup-java/pull/500](https://togithub.com/actions/setup-java/pull/500)
- [@Endi327](https://togithub.com/Endi327) made their first contribution in [https://github.com/actions/setup-java/pull/280](https://togithub.com/actions/setup-java/pull/280)

**Full Changelog**: https://github.com/actions/setup-java/compare/v3...v3.12.0

github/codeql-action (github/codeql-action)

### [`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

### [`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

gradle/gradle-build-action (gradle/gradle-build-action)

### [`v2.7.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.0)

[Compare Source](https://togithub.com/gradle/gradle-build-action/compare/v2.6.1...v2.7.0)

##### GitHub Dependency Graph support

In this release, the GitHub Dependency Graph support is no longer considered "experimental", and should be considered ready for production use. You can read more about the Dependency Graph support in [the README chapter](https://togithub.com/gradle/gradle-build-action#github-dependency-graph-support).

##### Changes

- Update to [`github-dependency-graph-gradle-plugin@v0.2.0`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin/0.2.0)
- Dependency graph uses Gradle Settings file as manifest location (if Settings file exists)
- Adds a `dependency-graph-file` output to any step that generates a Dependency Graph file

##### Changelog

--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator). --------- Signed-off-by: Mend Renovate Signed-off-by: Ian Lewis Co-authored-by: Ian Lewis --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/publish_maven.yml | 2 +- .github/workflows/scorecards.yml | 2 +- actions/gradle/publish/action.yml | 2 +- internal/builders/bazel/action.yml | 2 +- internal/builders/gradle/action.yml | 4 ++-- internal/builders/maven/action.yml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b0734848d8..658217701e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -59,7 +59,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0 + uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -72,7 +72,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0 + uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2 # Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -85,7 +85,7 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0 + uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2 # NOTE: Checks that the matrix job above completes successfully. # This is necessary because the matrix strategy generates new jobs with diff --git a/.github/workflows/publish_maven.yml b/.github/workflows/publish_maven.yml index b279481efa..cac8f2f10c 100644 --- a/.github/workflows/publish_maven.yml +++ b/.github/workflows/publish_maven.yml @@ -51,7 +51,7 @@ jobs: - name: Checkout the project repository uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main - name: Set up Java for publishing to Maven Central Repository - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 env: MAVEN_USERNAME: ${{ secrets.maven-username }} MAVEN_PASSWORD: ${{ secrets.maven-password }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 87c84baa59..a028ec5963 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0 + uses: github/codeql-action/upload-sarif@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2 with: sarif_file: results.sarif diff --git a/actions/gradle/publish/action.yml b/actions/gradle/publish/action.yml index 0d69eb9cc4..dc217d3d1a 100644 --- a/actions/gradle/publish/action.yml +++ b/actions/gradle/publish/action.yml @@ -48,7 +48,7 @@ runs: steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Set up JDK - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 env: MAVEN_USERNAME: ${{ inputs.maven-username }} MAVEN_PASSWORD: ${{ inputs.maven-password }} diff --git a/internal/builders/bazel/action.yml b/internal/builders/bazel/action.yml index a5f722e96e..b8710239ed 100644 --- a/internal/builders/bazel/action.yml +++ b/internal/builders/bazel/action.yml @@ -53,7 +53,7 @@ runs: - name: Setup Java id: java - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: distribution: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-distribution }}" java-version: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-version }}" diff --git a/internal/builders/gradle/action.yml b/internal/builders/gradle/action.yml index 7bc07074d1..72d262468b 100644 --- a/internal/builders/gradle/action.yml +++ b/internal/builders/gradle/action.yml 
@@ -54,12 +54,12 @@ runs: steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Set up JDK - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: distribution: temurin java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }} - name: Setup Gradle - uses: gradle/gradle-build-action@915a66c096a03101667f9df2e56c9efef558b165 # v2.6.1 + uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0 with: arguments: build -x test - name: Put release artifacts in one directory diff --git a/internal/builders/maven/action.yml b/internal/builders/maven/action.yml index 9072915ab2..0341de7353 100644 --- a/internal/builders/maven/action.yml +++ b/internal/builders/maven/action.yml @@ -54,7 +54,7 @@ runs: steps: - uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5 # v 3.5.2 - name: Set up JDK - uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v 3.11.0 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: distribution: temurin java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }}
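
Review bot: In internal/builders/maven/action.yml the setup-java SHA is identical on the `-` and `+` lines (cd89f46ac9d01407894225f350157564c9c7cee2); only the trailing comment changes, from `# v 3.11.0` to `# v3.12.0`. The other hunks pin this same SHA as v3.12.0, which suggests the old comment was the stale part, but the label should be confirmed against the upstream v3.12.0 tag rather than taken from the comment, since the comment is what a human reviewer reads. The description's first table row (`cd89f46` -> `b943a4e`) is not applied by any hunk in this patch, so either drop that row or explain why it was skipped. The `actions/checkout` context line in the same hunk still reads `# v 3.5.2` with the stray space and sits one release behind the v3.5.3 pin used in actions/gradle/publish/action.yml and internal/builders/gradle/action.yml; aligning it would keep the builders consistent.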
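
Review bot: In .github/workflows/publish_maven.yml the updated setup-java step is handed MAVEN_USERNAME and MAVEN_PASSWORD from secrets in its `env:` block, so the code at the new SHA runs with publishing credentials in its environment. The old line was labelled only `# v3`, which gives no exact prior version for this file; please check that cd89f46ac9d01407894225f350157564c9c7cee2 resolves to the upstream v3.12.0 tag and skim the v3.11.0...v3.12.0 compare link from the commit message before merging. The checkout step directly above is referenced at `@main`, which this update leaves alone; if a branch ref is intentional for the same-repository action, a short comment saying so would help readers of a workflow that otherwise pins by SHA.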
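
Review bot: The three codeql-action hunks in .github/workflows/codeql-analysis.yml (init, autobuild, analyze) and the upload-sarif hunk in .github/workflows/scorecards.yml jump from v2.21.0 to v2.21.2, but the commit message carries only compare links for v2.21.1 and v2.21.2 and no release notes. All four references move to the same SHA (0ba4244466797eb048eb91a6cd43d5c03ca8bd05), which is consistent, but nothing in the description says what changed in the two skipped-over releases. Suggest adding a one-line summary from the upstream changelog to the PR description, or at least noting that the compare diffs were reviewed.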