From e5f3355119120e12185356260afcee3763fe0ba3 Mon Sep 17 00:00:00 2001 From: Joris Borgdorff Date: Mon, 9 May 2022 10:04:35 +0200 Subject: [PATCH] Update github actions --- .github/workflows/main.yml | 18 +++++----------- .github/workflows/publish_snapshots.yml | 18 +++++----------- .github/workflows/release.yml | 19 ++++++----------- .github/workflows/scheduled_snyk.yaml | 24 +++++++++++++++------ .github/workflows/snyk.yaml | 28 ++++++++++++++++++------- 5 files changed, 55 insertions(+), 52 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5afb0577..9e9e0d2f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,23 +16,15 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v3 with: + distribution: temurin java-version: 11 - - name: Cache - uses: actions/cache@v2 - with: - # Cache gradle directories - path: | - ~/.gradle/caches - ~/.gradle/wrapper - # Key for restoring and saving the cache - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties') }} - restore-keys: | - ${{ runner.os }}-gradle- + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 # Compile the code - name: Compile code diff --git a/.github/workflows/publish_snapshots.yml b/.github/workflows/publish_snapshots.yml index a89a77bf..0467415f 100644 --- a/.github/workflows/publish_snapshots.yml +++ b/.github/workflows/publish_snapshots.yml @@ -15,27 +15,19 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Has SNAPSHOT version id: is-snapshot run: grep "version = '.*-SNAPSHOT'" build.gradle - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v3 with: + distribution: temurin java-version: 11 - - name: Cache - uses: actions/cache@v2 - with: - # Cache gradle directories - path: | - ~/.gradle/caches - ~/.gradle/wrapper - # Key for restoring and saving the cache - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties') }} - restore-keys: | - ${{ runner.os }}-gradle- + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 - name: Install gpg secret key run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9feed302..11f3f940 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,22 +13,15 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - uses: actions/setup-java@v1 + - uses: actions/checkout@v3 + + - uses: actions/setup-java@v3 with: + distribution: temurin java-version: 11 - - name: Cache - uses: actions/cache@v2 - with: - # Cache gradle directories - path: | - ~/.gradle/caches - ~/.gradle/wrapper - # Key for restoring and saving the cache - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', 'gradle.properties') }} - restore-keys: | - ${{ runner.os }}-gradle- + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 # Compile code - name: Compile code diff --git a/.github/workflows/scheduled_snyk.yaml b/.github/workflows/scheduled_snyk.yaml index 46074dfb..51cda1c7 100644 --- a/.github/workflows/scheduled_snyk.yaml +++ b/.github/workflows/scheduled_snyk.yaml @@ -8,14 +8,26 @@ jobs: env: REPORT_FILE: test.json steps: - - uses: actions/checkout@master - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/gradle-jdk11@master + - uses: actions/checkout@v3 + - uses: snyk/actions/setup@master + + - uses: actions/setup-java@v3 + with: + distribution: temurin + java-version: 11 + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + + - name: Run Snyk env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - command: test - args: --json-file-output=${{ env.REPORT_FILE }} + run: > + snyk test + --all-sub-projects + --configuration-matching='^runtimeClasspath$' + --json-file-output=${{ env.REPORT_FILE }} + --org=radar-base - name: Report new vulnerabilities uses: thehyve/report-vulnerability@master with: diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml index 890b84f6..8777034e 100644 --- a/.github/workflows/snyk.yaml +++ b/.github/workflows/snyk.yaml @@ -7,10 +7,24 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/gradle-jdk11@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --severity-threshold=high + - uses: actions/checkout@v3 + - uses: snyk/actions/setup@master + + - uses: actions/setup-java@v3 + with: + distribution: temurin + java-version: 11 + + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + + - name: Run Snyk to check for vulnerabilities + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + run: > + snyk test + --all-sub-projects + --configuration-matching='^runtimeClasspath$' + --fail-on=upgradable + --org=radar-base + --severity-threshold=high