This is an automated email from the ASF dual-hosted git repository. sjaranowski pushed a commit to branch gh-actions-update in repository https://gitbox.apache.org/repos/asf/maven.git
commit e8e1a34a8c7299aee7bf4cf5fce26bc2b36b678c Author: Slawomir Jaranowski <[email protected]> AuthorDate: Sat Nov 12 18:03:02 2022 +0100 Update actions in GH build Old actions use deprecated node 12 - cache v2 -> v3 - checkout v2 -> v3 - download-artifact v2 -> v3 - setup-java v2 -> v3 - disable access to GITHUB_TOKEN - don't store credentials with checkout - don't execute build for PR from local repository branches - we have build on push event --- .github/workflows/maven.yml | 26 +++++++++++++++++++------- .github/workflows/maven_build_itself.yml | 14 ++++++++++++-- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 3b82ac148..f9b093809 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -19,8 +19,15 @@ name: Java CI on: [push, pull_request] +# clare all permissions for GITHUB_TOKEN +permissions: {} + jobs: build: + + # execute on any push or pull request from forked repo + if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork ) + strategy: matrix: os: [ubuntu-latest, windows-latest, macOS-latest] @@ -29,8 +36,11 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 - - uses: actions/setup-java@v2 + - uses: actions/checkout@v3 + with: + persist-credentials: false + + - uses: actions/setup-java@v3 with: java-version: 8 distribution: 'temurin' @@ -40,7 +50,7 @@ jobs: run: mvn verify -e -B -V -DdistributionFileName=apache-maven - name: Upload built Maven - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: ${{ matrix.os == 'ubuntu-latest' }} with: name: built-maven @@ -89,14 +99,16 @@ jobs: echo "REPO_USER=$target_user" >> $GITHUB_ENV - name: Checkout maven-integration-testing - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: repository: ${{ env.REPO_USER }}/maven-integration-testing path: maven-integration-testing/ ref: ${{ env.REPO_BRANCH }} + persist-credentials: false + - name: Set up cache for ~/.m2/repository - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.m2/repository key: it-m2-repo-${{ matrix.os }}-${{ hashFiles('maven-integration-testing/**/pom.xml') }} @@ -104,13 +116,13 @@ jobs: it-m2-repo-${{ matrix.os }}- - name: Download built Maven - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: built-maven path: built-maven/ - name: Set up JDK - uses: actions/setup-java@v2 + uses: actions/setup-java@v3 with: java-version: ${{ matrix.java }} distribution: 'temurin' diff --git a/.github/workflows/maven_build_itself.yml b/.github/workflows/maven_build_itself.yml index 348f260d1..2f6e828b3 100644 --- a/.github/workflows/maven_build_itself.yml +++ b/.github/workflows/maven_build_itself.yml @@ -19,8 +19,15 @@ name: Can Maven build itself on: [push, pull_request] +# clare all permissions for GITHUB_TOKEN +permissions: {} + jobs: build: + + # execute on any push or pull request from forked repo + if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork ) + strategy: matrix: os: [ubuntu-latest, windows-latest] @@ -30,8 +37,11 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v2 - - uses: actions/setup-java@v2 + - uses: actions/checkout@v3 + with: + persist-credentials: false + + - uses: actions/setup-java@v3 with: java-version: ${{ matrix.java }} distribution: 'temurin'
