Update github actions

RADAR-base · May 9, 2022 · e5f3355 · e5f3355
1 parent 318d3ce
commit e5f3355
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 52 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -16,23 +16,15 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v3
         with:
+          distribution: temurin
           java-version: 11
 
-      - name: Cache
-        uses: actions/cache@v2
-        with:
-          # Cache gradle directories
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          # Key for restoring and saving the cache
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
 
       # Compile the code
       - name: Compile code

diff --git a/.github/workflows/publish_snapshots.yml b/.github/workflows/publish_snapshots.yml
@@ -15,27 +15,19 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Has SNAPSHOT version
         id: is-snapshot
         run: grep "version = '.*-SNAPSHOT'" build.gradle
 
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v3
         with:
+          distribution: temurin
           java-version: 11
 
-      - name: Cache
-        uses: actions/cache@v2
-        with:
-          # Cache gradle directories
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          # Key for restoring and saving the cache
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
 
       - name: Install gpg secret key
         run: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,22 +13,15 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-java@v3
         with:
+          distribution: temurin
           java-version: 11
 
-      - name: Cache
-        uses: actions/cache@v2
-        with:
-          # Cache gradle directories
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          # Key for restoring and saving the cache
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
 
       # Compile code
       - name: Compile code

diff --git a/.github/workflows/scheduled_snyk.yaml b/.github/workflows/scheduled_snyk.yaml
@@ -8,14 +8,26 @@ jobs:
     env:
       REPORT_FILE: test.json
     steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/gradle-jdk11@master
+      - uses: actions/checkout@v3
+      - uses: snyk/actions/setup@master
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 11
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Run Snyk
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          command: test
-          args: --json-file-output=${{ env.REPORT_FILE }}
+        run: >
+          snyk test
+          --all-sub-projects
+          --configuration-matching='^runtimeClasspath$'
+          --json-file-output=${{ env.REPORT_FILE }}
+          --org=radar-base
       - name: Report new vulnerabilities
         uses: thehyve/report-vulnerability@master
         with:

diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
@@ -7,10 +7,24 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: Run Snyk to check for vulnerabilities
-      uses: snyk/actions/gradle-jdk11@master
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        args: --severity-threshold=high
+      - uses: actions/checkout@v3
+      - uses: snyk/actions/setup@master
+
+      - uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 11
+
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@v2
+
+      - name: Run Snyk to check for vulnerabilities
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: >
+          snyk test
+          --all-sub-projects
+          --configuration-matching='^runtimeClasspath$'
+          --fail-on=upgradable
+          --org=radar-base
+          --severity-threshold=high