Skip to content

Commit

Permalink
Merge pull request #319 from newrelic/pin-gh-actions
Browse files Browse the repository at this point in the history
pin gh actions
  • Loading branch information
jtduffy authored May 20, 2024
2 parents 3328e4e + 4cb1c90 commit c72d6eb
Show file tree
Hide file tree
Showing 5 changed files with 46 additions and 49 deletions.
29 changes: 14 additions & 15 deletions .github/workflows/publish_main_snapshot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,17 @@ jobs:
build-and-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Build with Gradle
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEY_ID }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
run: ./gradlew build publish

- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4
- name: Set up JDK 11
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Build with Gradle
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEY_ID }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
run: ./gradlew build publish
29 changes: 14 additions & 15 deletions .github/workflows/publish_release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,18 +9,17 @@ jobs:
build-and-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Build with Gradle
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEY_ID }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
run: ./gradlew build publish -Prelease=true

- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4
- name: Set up JDK 11
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Build with Gradle
env:
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEY_ID }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
run: ./gradlew build publish -Prelease=true
21 changes: 10 additions & 11 deletions .github/workflows/pull_request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,13 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Check formatting
run: ./gradlew verifyGoogleJavaFormat
- name: Check build and test
run: ./gradlew check javadoc

- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4
- name: Set up JDK 11
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Check formatting
run: ./gradlew verifyGoogleJavaFormat
- name: Check build and test
run: ./gradlew check javadoc
8 changes: 4 additions & 4 deletions .github/workflows/repolinter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ name: Repolinter Action
# Currently there is no elegant way to specify the default
# branch in the event filtering, so branches are instead
# filtered in the "Test Default Branch" step.
on: [push, workflow_dispatch]
on: [ push, workflow_dispatch ]

jobs:
repolint:
Expand All @@ -15,17 +15,17 @@ jobs:
steps:
- name: Test Default Branch
id: default-branch
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pin@v7
with:
script: |
const data = await github.rest.repos.get(context.repo)
return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
- name: Checkout Self
if: ${{ steps.default-branch.outputs.result == 'true' }}
uses: actions/checkout@v4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4
- name: Run Repolinter
if: ${{ steps.default-branch.outputs.result == 'true' }}
uses: newrelic/repolinter-action@v1
uses: newrelic/repolinter-action@3f4448f855c351e9695b24524a4111c7847b84cb # pin@v1
with:
config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml
output_type: issue
8 changes: 4 additions & 4 deletions .github/workflows/snyk_scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ name: Snyk Vulnerability Scan
on:
workflow_dispatch:
schedule:
- cron: '00 15 * * 1'
- cron: '00 15 * * 1'
push:
branches:
- main
Expand All @@ -14,12 +14,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4
with:
ref: 'main'

- name: Run Snyk To Check For Vulnerabilities
uses: snyk/actions/gradle-jdk11@master
uses: snyk/actions/gradle-jdk11@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8 # pin@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
Expand Down

0 comments on commit c72d6eb

Please sign in to comment.