This is an automated email from the ASF dual-hosted git repository. vy pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/logging-log4j-transform.git
commit 50ff7976d0e996434a4090dcf7334d9d6d445384 Author: Volkan Yazıcı <[email protected]> AuthorDate: Thu Dec 21 13:59:06 2023 +0100 Switch `logging-parent` refs in CI from hashes to tags dependabot is not able to update `logging-parent` GHA workflow references that use hashes[1][2]. Switching to tags is safe, since `rel/`-prefixed tags are protected by INFRA. [1] dependabot/dependabot-core#8654 [2] dependabot/dependabot-core#6269 --- .github/workflows/build.yaml | 6 +++--- .github/workflows/merge-dependabot.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 178e898..509cc81 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -38,14 +38,14 @@ jobs: build: if: github.actor != 'dependabot[bot]' - uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0 + uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0 with: site-enabled: true deploy-snapshot: needs: build if: github.repository == 'apache/logging-log4j-transform' && github.ref_name == 'main' - uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0 + uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/10.5.0 # Secrets for deployments secrets: NEXUS_USER: ${{ secrets.NEXUS_USER }} @@ -54,7 +54,7 @@ jobs: deploy-release: needs: build if: github.repository == 'apache/logging-log4j-transform' && startsWith(github.ref_name, 'release/') - uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0 + uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/10.5.0 # Secrets for deployments secrets: GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }} diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml index 9ad4d76..70dc6d0 100644 --- a/.github/workflows/merge-dependabot.yaml +++ b/.github/workflows/merge-dependabot.yaml @@ -30,11 +30,11 @@ jobs: build: if: github.repository == 'apache/logging-log4j-transform' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]' - uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0 + uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0 merge-dependabot: needs: build - uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0 + uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/10.5.0 permissions: contents: write # to push changelog commits pull-requests: write # to close the PR
