This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/2.x by this push:
new d71dcb1c49 Switch `logging-parent` refs in CI from hashes to tags
d71dcb1c49 is described below
commit d71dcb1c49ece415edfa08a4742eff06f49947c7
Author: Volkan Yazıcı <[email protected]>
AuthorDate: Fri Dec 22 10:42:15 2023 +0100
Switch `logging-parent` refs in CI from hashes to tags
dependabot is not able to update `logging-parent` GHA
workflow references that use hashes[1][2].
Switching to tags is safe, since `rel/`-prefixed tags are
protected by INFRA.
[1] dependabot/dependabot-core#8654
[2] dependabot/dependabot-core#6269
---
.github/workflows/build.yaml | 6 ++---
.github/workflows/codeql-analysis.yaml | 2 +-
.github/workflows/merge-dependabot.yaml | 4 ++--
.github/workflows/scorecards-analysis.yaml | 35 +-----------------------------
4 files changed, 7 insertions(+), 40 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 7003fa1808..e56b5e7ac9 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -38,7 +38,7 @@ jobs:
build:
if: github.actor != 'dependabot[bot]'
- uses:
apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e
# 10.4.0
+ uses:
apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
with:
java-version: |
8
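Review bot: The three `uses:` lines in build.yaml, like those in codeql-analysis.yaml, scorecards-analysis.yaml and the second merge-dependabot.yaml hunk, now resolve a mutable tag instead of a commit hash, and the only record of why that is acceptable is the commit message. The `deploy-snapshot` and `deploy-release` jobs forward `NEXUS_USER` and `GPG_SECRET_KEY` to whatever the tag points at, so the trust assumption should sit next to the code; I would add a comment above each reference such as `# Tag ref is intentional: rel/* tags in apache/logging-parent are protected by INFRA`. It is also worth confirming that the tag protection forbids deletion and re-creation as well as force-updates, and that the project accepts the likely Scorecard Pinned-Dependencies finding for non-hash refs. The job bodies continue outside these hunks.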
@@ -48,7 +48,7 @@ jobs:
deploy-snapshot:
needs: build
if: github.repository == 'apache/logging-log4j2' && github.ref_name ==
'2.x'
- uses:
apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e
# 10.4.0
+ uses:
apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/10.5.0
# Secrets for deployments
secrets:
NEXUS_USER: ${{ secrets.NEXUS_USER }}
@@ -61,7 +61,7 @@ jobs:
deploy-release:
needs: build
if: github.repository == 'apache/logging-log4j2' &&
startsWith(github.ref_name, 'release/')
- uses:
apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e
# 10.4.0
+ uses:
apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/10.5.0
# Secrets for deployments
secrets:
GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
diff --git a/.github/workflows/codeql-analysis.yaml
b/.github/workflows/codeql-analysis.yaml
index da21d51824..862a5b31ae 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -30,7 +30,7 @@ permissions: read-all
jobs:
analyze:
- uses:
apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e
# 10.4.0
+ uses:
apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/10.5.0
with:
java-version: |
8
diff --git a/.github/workflows/merge-dependabot.yaml
b/.github/workflows/merge-dependabot.yaml
index ef4c590188..8a323318a9 100644
--- a/.github/workflows/merge-dependabot.yaml
+++ b/.github/workflows/merge-dependabot.yaml
@@ -30,7 +30,7 @@ jobs:
build:
if: github.repository == 'apache/logging-log4j2' && github.event_name ==
'pull_request_target' && github.actor == 'dependabot[bot]'
- uses:
apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e
# 10.4.0
+ uses:
apache/logging-parent/.github/workflows/build-reusable.yaml@ref/10.5.0
with:
java-version: |
8
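Review bot: The new `build` reference in merge-dependabot.yaml ends in `@ref/10.5.0`, while every other reference in this patch uses `@rel/10.5.0`; this looks like a typo. If no such ref exists in apache/logging-parent, the job will presumably fail to resolve the workflow. If one is ever created, it falls outside the `rel/`-prefixed tag protection the commit message relies on, in a job gated on `pull_request_target`. The line should read `uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0`. The `with:` block continues outside the hunk.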
@@ -38,7 +38,7 @@ jobs:
merge-dependabot:
needs: build
- uses:
apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e
# 10.4.0
+ uses:
apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/10.5.0
with:
java-version: 17
permissions:
diff --git a/.github/workflows/scorecards-analysis.yaml
b/.github/workflows/scorecards-analysis.yaml
index c776cebe39..7081045221 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -29,43 +29,10 @@ permissions: read-all
jobs:
analysis:
-
- name: "Scorecards analysis"
- runs-on: ubuntu-latest
+ uses:
apache/logging-parent/.github/workflows/scorecards-analysis-reusable.yaml@rel/10.5.0
permissions:
# Needed to upload the results to the code-scanning dashboard.
security-events: write
actions: read
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
-
- steps:
-
- - name: "Checkout code"
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #
4.1.1
- with:
- persist-credentials: false
-
- - name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736
# 2.3.1
- with:
- results_file: results.sarif
- results_format: sarif
- # A read-only PAT token, which is sufficient for the action to
function.
- # The relevant discussion:
https://github.com/ossf/scorecard-action/issues/188
- repo_token: ${{ secrets.GITHUB_TOKEN }}
- # Publish the results for public repositories to enable scorecard
badges.
- # For more details:
https://github.com/ossf/scorecard-action#publishing-results
- publish_results: true
-
- - name: "Upload artifact"
- uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392
# 3.1.0
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 5
-
- - name: "Upload to code-scanning"
- uses:
github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c #
2.1.22
- with:
- sarif_file: results.sarif
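Review bot: The retained `permissions:` comments in scorecards-analysis.yaml still describe steps that this hunk removes (`# This is required for actions/checkout`), so a reader can no longer tell from this file what consumes `id-token: write` and `security-events: write`. Those grants now go to the called workflow, and the hash-pinned actions and `persist-credentials: false` presumably live in apache/logging-parent, where this diff cannot verify them. I would reword the comments to say so, for example `contents: read # Used by the checkout step inside the reusable workflow`. Before merging, confirm that the reusable workflow keeps `persist-credentials: false` and `publish_results: true`.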