dependabot[bot]
42e0af31a2
Bump the github-actions group across 3 directories with 3 updates ( #609 )
...
Bumps the github-actions group with 3 updates in the / directory:
[actions/setup-node](https://github.com/actions/setup-node ),
[tj-actions/changed-files](https://github.com/tj-actions/changed-files )
and [actions/setup-java](https://github.com/actions/setup-java ).
Bumps the github-actions group with 1 update in the
/.github/actions/build-dist directory:
[actions/setup-node](https://github.com/actions/setup-node ).
Bumps the github-actions group with 1 update in the
/.github/actions/init-integ-test directory:
[actions/setup-java](https://github.com/actions/setup-java ).
Updates `actions/setup-node` from 4.3.0 to 4.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases ">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<h2>What's Changed</h2>
<h3>Bug fixes:</h3>
<ul>
<li>Make eslint-compact matcher compatible with Stylelint by <a
href="https://github.com/FloEdelmann "><code>@FloEdelmann</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/98 ">actions/setup-node#98</a></li>
<li>Add support for indented eslint output by <a
href="https://github.com/fregante "><code>@fregante</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1245 ">actions/setup-node#1245</a></li>
</ul>
<h3>Enhancement:</h3>
<ul>
<li>Support private mirrors by <a
href="https://github.com/marco-ippolito "><code>@marco-ippolito</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1240 ">actions/setup-node#1240</a></li>
</ul>
<h3>Dependency update:</h3>
<ul>
<li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1262 ">actions/setup-node#1262</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/FloEdelmann "><code>@FloEdelmann</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/98 ">actions/setup-node#98</a></li>
<li><a href="https://github.com/fregante "><code>@fregante</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1245 ">actions/setup-node#1245</a></li>
<li><a
href="https://github.com/marco-ippolito "><code>@marco-ippolito</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1240 ">actions/setup-node#1240</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v4.4.0 ">https://github.com/actions/setup-node/compare/v4...v4.4.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="49933ea528https://redirect.github.com/actions/setup-node/issues/1262 ">#1262</a>)</li>
<li><a
href="e3ce749e20https://redirect.github.com/actions/setup-node/issues/1240 ">#1240</a>)</li>
<li><a
href="40337cb8f7https://redirect.github.com/actions/setup-node/issues/1245 ">#1245</a>)</li>
<li><a
href="1ccdddc9b8https://redirect.github.com/actions/setup-node/issues/98 ">#98</a>)</li>
<li>See full diff in <a
href="cdca7365b2...49933ea528https://github.com/tj-actions/changed-files/releases ">tj-actions/changed-files's
releases</a>.</em></p>
<blockquote>
<h2>v46.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgraded to v46.0.4 by <a
href="https://github.com/github-actions "><code>@github-actions</code></a>
in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2511 ">tj-actions/changed-files#2511</a></li>
<li>chore(deps): bump tj-actions/verify-changed-files from 20.0.1 to
20.0.4 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2523 ">tj-actions/changed-files#2523</a></li>
<li>chore(deps): bump tj-actions/branch-names from 8.0.1 to 8.1.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2521 ">tj-actions/changed-files#2521</a></li>
<li>chore(deps): bump github/codeql-action from 3.28.12 to 3.28.15 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2530 ">tj-actions/changed-files#2530</a></li>
<li>chore(deps-dev): bump ts-jest from 29.2.6 to 29.3.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2518 ">tj-actions/changed-files#2518</a></li>
<li>chore(deps-dev): bump eslint-plugin-prettier from 5.2.3 to 5.2.6 by
<a href="https://github.com/dependabot "><code>@dependabot</code></a> in
<a
href="https://redirect.github.com/tj-actions/changed-files/pull/2519 ">tj-actions/changed-files#2519</a></li>
<li>chore(deps-dev): bump <code>@types/node</code> from 22.13.11 to
22.14.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2517 ">tj-actions/changed-files#2517</a></li>
<li>chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2516 ">tj-actions/changed-files#2516</a></li>
<li>chore(deps): bump yaml from 2.7.0 to 2.7.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/tj-actions/changed-files/pull/2520 ">tj-actions/changed-files#2520</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tj-actions/changed-files/compare/v46...v46.0.5 ">https://github.com/tj-actions/changed-files/compare/v46...v46.0.5 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md ">tj-actions/changed-files's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.4...v46.0.5 ">46.0.5</a>
- (2025-04-09)</h1>
<h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2>
<ul>
<li><strong>deps:</strong> Bump yaml from 2.7.0 to 2.7.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2520 ">#2520</a>)
(<a
href="ed68ef82c0https://redirect.github.com/tj-actions/changed-files/issues/2516 ">#2516</a>)
(<a
href="a7bc14b808https://redirect.github.com/tj-actions/changed-files/issues/2517 ">#2517</a>)
(<a
href="3d751f6b6dhttps://redirect.github.com/tj-actions/changed-files/issues/2519 ">#2519</a>)
(<a
href="e2fda4ec3chttps://redirect.github.com/tj-actions/changed-files/issues/2518 ">#2518</a>)
(<a
href="0bed1b1132https://redirect.github.com/tj-actions/changed-files/issues/2530 ">#2530</a>)
(<a
href="68024587dchttps://redirect.github.com/tj-actions/changed-files/issues/2521 ">#2521</a>)
(<a
href="cf2e39e86bhttps://redirect.github.com/tj-actions/changed-files/issues/2523 ">#2523</a>)
(<a
href="6abeaa506a⬆️ Upgrades</h2>
<ul>
<li>Upgraded to v46.0.4 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2511 ">#2511</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="6f67ee9ac8https://github.com/tj-actions/changed-files/compare/v46.0.3...v46.0.4 ">46.0.4</a>
- (2025-04-03)</h1>
<h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2>
<ul>
<li>Bug modified_keys and changed_key outputs not set when no changes
detected (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2509 ">#2509</a>)
(<a
href="6cb76d07be📚 Documentation</h2>
<ul>
<li>Update readme (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2508 ">#2508</a>)
(<a
href="b74df86ccb⬆️ Upgrades</h2>
<ul>
<li>Upgraded to v46.0.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2506 ">#2506</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted -->
Co-authored-by: Tonye Jack <a
href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a
href="27ae6b33eahttps://github.com/tj-actions/changed-files/compare/v46.0.2...v46.0.3 ">46.0.3</a>
- (2025-03-23)</h1>
<h2><!-- raw HTML omitted -->🔄 Update</h2>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2501 ">#2501</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="41e0de576ahttps://redirect.github.com/tj-actions/changed-files/issues/2499 ">#2499</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot] <!-- raw HTML omitted --> (<a
href="945787811a📚 Documentation</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ed68ef82c0https://redirect.github.com/tj-actions/changed-files/issues/2520 ">#2520</a>)</li>
<li><a
href="a7bc14b808https://redirect.github.com/tj-actions/changed-files/issues/2516 ">#2516</a>)</li>
<li><a
href="3d751f6b6dhttps://redirect.github.com/tj-actions/changed-files/issues/2517 ">#2517</a>)</li>
<li><a
href="e2fda4ec3chttps://redirect.github.com/tj-actions/changed-files/issues/2519 ">#2519</a>)</li>
<li><a
href="0bed1b1132https://redirect.github.com/tj-actions/changed-files/issues/2518 ">#2518</a>)</li>
<li><a
href="68024587dchttps://redirect.github.com/tj-actions/changed-files/issues/2530 ">#2530</a>)</li>
<li><a
href="cf2e39e86bhttps://redirect.github.com/tj-actions/changed-files/issues/2521 ">#2521</a>)</li>
<li><a
href="6abeaa506ahttps://redirect.github.com/tj-actions/changed-files/issues/2523 ">#2523</a>)</li>
<li><a
href="6f67ee9ac8https://redirect.github.com/tj-actions/changed-files/issues/2511 ">#2511</a>)</li>
<li>See full diff in <a
href="6cb76d07be...ed68ef82c0https://github.com/actions/setup-java/releases ">actions/setup-java's
releases</a>.</em></p>
<blockquote>
<h2>v4.7.1</h2>
<h2>What's Changed</h2>
<h3>Documentation changes</h3>
<ul>
<li>Add Documentation to Recommend Using GraalVM JDK 17 Version to
17.0.12 to Align with GFTC License Terms by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/704 ">actions/setup-java#704</a></li>
<li>Remove duplicated GraalVM section in documentation by <a
href="https://github.com/Marcono1234 "><code>@Marcono1234</code></a> in
<a
href="https://redirect.github.com/actions/setup-java/pull/716 ">actions/setup-java#716</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/766 ">actions/setup-java#766</a></li>
<li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/744 ">actions/setup-java#744</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/743 ">actions/setup-java#743</a></li>
<li>Upgrade <code>@action/cache</code> to 4.0.3 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/773 ">actions/setup-java#773</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-java/compare/v4...v4.7.1 ">https://github.com/actions/setup-java/compare/v4...v4.7.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c5195efecfhttps://redirect.github.com/actions/setup-java/issues/773 ">#773</a>)</li>
<li><a
href="dd38875f93https://redirect.github.com/actions/setup-java/issues/743 ">#743</a>)</li>
<li><a
href="148017a9b0https://redirect.github.com/actions/setup-java/issues/744 ">#744</a>)</li>
<li><a
href="3b6c050358https://redirect.github.com/actions/setup-java/issues/716 ">#716</a>)</li>
<li><a
href="b8ebb8ba1dhttps://redirect.github.com/actions/setup-java/issues/766 ">#766</a>)</li>
<li><a
href="799ee7c97e3a4f6e1af5...c5195efecfhttps://github.com/actions/setup-node/releases ">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<h2>What's Changed</h2>
<h3>Bug fixes:</h3>
<ul>
<li>Make eslint-compact matcher compatible with Stylelint by <a
href="https://github.com/FloEdelmann "><code>@FloEdelmann</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/98 ">actions/setup-node#98</a></li>
<li>Add support for indented eslint output by <a
href="https://github.com/fregante "><code>@fregante</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1245 ">actions/setup-node#1245</a></li>
</ul>
<h3>Enhancement:</h3>
<ul>
<li>Support private mirrors by <a
href="https://github.com/marco-ippolito "><code>@marco-ippolito</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1240 ">actions/setup-node#1240</a></li>
</ul>
<h3>Dependency update:</h3>
<ul>
<li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1262 ">actions/setup-node#1262</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/FloEdelmann "><code>@FloEdelmann</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/98 ">actions/setup-node#98</a></li>
<li><a href="https://github.com/fregante "><code>@fregante</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1245 ">actions/setup-node#1245</a></li>
<li><a
href="https://github.com/marco-ippolito "><code>@marco-ippolito</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1240 ">actions/setup-node#1240</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v4.4.0 ">https://github.com/actions/setup-node/compare/v4...v4.4.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="49933ea528https://redirect.github.com/actions/setup-node/issues/1262 ">#1262</a>)</li>
<li><a
href="e3ce749e20https://redirect.github.com/actions/setup-node/issues/1240 ">#1240</a>)</li>
<li><a
href="40337cb8f7https://redirect.github.com/actions/setup-node/issues/1245 ">#1245</a>)</li>
<li><a
href="1ccdddc9b8https://redirect.github.com/actions/setup-node/issues/98 ">#98</a>)</li>
<li>See full diff in <a
href="cdca7365b2...49933ea528https://github.com/actions/setup-java/releases ">actions/setup-java's
releases</a>.</em></p>
<blockquote>
<h2>v4.7.1</h2>
<h2>What's Changed</h2>
<h3>Documentation changes</h3>
<ul>
<li>Add Documentation to Recommend Using GraalVM JDK 17 Version to
17.0.12 to Align with GFTC License Terms by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/704 ">actions/setup-java#704</a></li>
<li>Remove duplicated GraalVM section in documentation by <a
href="https://github.com/Marcono1234 "><code>@Marcono1234</code></a> in
<a
href="https://redirect.github.com/actions/setup-java/pull/716 ">actions/setup-java#716</a></li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/766 ">actions/setup-java#766</a></li>
<li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/744 ">actions/setup-java#744</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/743 ">actions/setup-java#743</a></li>
<li>Upgrade <code>@action/cache</code> to 4.0.3 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/773 ">actions/setup-java#773</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-java/compare/v4...v4.7.1 ">https://github.com/actions/setup-java/compare/v4...v4.7.1 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c5195efecfhttps://redirect.github.com/actions/setup-java/issues/773 ">#773</a>)</li>
<li><a
href="dd38875f93https://redirect.github.com/actions/setup-java/issues/743 ">#743</a>)</li>
<li><a
href="148017a9b0https://redirect.github.com/actions/setup-java/issues/744 ">#744</a>)</li>
<li><a
href="3b6c050358https://redirect.github.com/actions/setup-java/issues/716 ">#716</a>)</li>
<li><a
href="b8ebb8ba1dhttps://redirect.github.com/actions/setup-java/issues/766 ">#766</a>)</li>
<li><a
href="799ee7c97e3a4f6e1af5...c5195efecf
2025-04-16 10:20:59 -06:00
StepSecurity Bot
edf5691417
[StepSecurity] ci: Harden GitHub Actions ( #597 )
...
## Summary
This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo ) at the request of
@bigdaz. Please merge the Pull Request to incorporate the requested
changes. Please tag @bigdaz on your message if you have any questions
related to the PR.
## Security Fixes
### Pinned Dependencies
GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.
- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions )
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies )
## Feedback
For bug reports, feature requests, and general feedback; please email
support@stepsecurity.io . To create such PRs, please visit
https://app.stepsecurity.io/securerepo .
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2025-04-09 10:24:58 -06:00
Daz DeBoer
777b8de880
Sign bot-generated commits
2025-04-02 12:32:16 -06:00
dependabot[bot]
d2985e6cc7
Bump the github-actions group across 2 directories with 6 updates
...
Bumps the github-actions group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-node](https://github.com/actions/setup-node ) | `4.2.0` | `4.3.0` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) | `dcc7a0cba800f454d79fff4b993e8c3555bcc0a8` | `0fee5fb278312d962ff465bb38dc4cae9f446de2` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.28.9` | `3.28.11` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.0` | `2.4.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.6.0` | `4.6.1` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) | `7.0.6` | `7.0.8` |
Bumps the github-actions group with 2 updates in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-node` from 4.2.0 to 4.3.0
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](1d0ff469b7...cdca7365b2https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](dcc7a0cba8...0fee5fb278https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e8d0789d4...6bb031afddhttps://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](62b2cac7ed...f49aabe0b5https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0https://github.com/peter-evans/create-pull-request/releases )
- [Commits](67ccf781d6...271a8d0340https://github.com/actions/setup-node/releases )
- [Commits](1d0ff469b7...cdca7365b2https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0
2025-03-25 14:06:06 -06:00
daz
7b5af35d9a
Set author to bot for generated commits
2025-02-18 14:10:09 -07:00
daz
6f10c21ec5
Make it easier to produce 'prerelease' versions
2025-01-30 09:02:58 -07:00
dependabot[bot]
7560c304a6
Bump the github-actions group across 2 directories with 2 updates
...
Bumps the github-actions group with 2 updates in the / directory: [actions/setup-node](https://github.com/actions/setup-node ) and [github/codeql-action](https://github.com/github/codeql-action ).
Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/setup-node](https://github.com/actions/setup-node ).
Updates `actions/setup-node` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](39370e3970...1d0ff469b7https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b6a472f63d...17a820bf2ehttps://github.com/actions/setup-node/releases )
- [Commits](39370e3970...1d0ff469b7
2025-01-28 08:18:31 -07:00
daz
74628b9f13
Fix npm for update-dist
2025-01-21 09:55:18 -07:00
daz
e6f332ecb1
Publish build scans for CI builds
2025-01-20 09:56:42 -07:00
dependabot[bot]
bccddaec22
Bump the github-actions group across 3 directories with 7 updates
...
Bumps the github-actions group with 7 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [gradle/actions](https://github.com/gradle/actions ) | `4.2.1` | `4.2.2` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) | `45.0.5` | `45.0.6` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.27.9` | `3.28.1` |
| [actions/setup-java](https://github.com/actions/setup-java ) | `4.5.0` | `4.6.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.4.3` | `4.6.0` |
| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) | `5.0.1` | `5.1.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) | `7.0.5` | `7.0.6` |
Bumps the github-actions group with 1 update in the /.github/actions/build-dist directory: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Bumps the github-actions group with 1 update in the /.github/actions/init-integ-test directory: [actions/setup-java](https://github.com/actions/setup-java ).
Updates `gradle/actions` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/gradle/actions/releases )
- [Commits](cc4fc85e6b...0bdd871935https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](bab30c2299...d6e91a2266https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df409f7d92...b6a472f63dhttps://github.com/actions/setup-java/releases )
- [Commits](8df1039502...7a6d8a8234https://github.com/actions/upload-artifact/releases )
- [Commits](b4b15b8c7c...65c4c4a1ddhttps://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](8621497c8c...e348103e90https://github.com/peter-evans/create-pull-request/releases )
- [Commits](5e914681df...67ccf781d6https://github.com/actions/upload-artifact/releases )
- [Commits](b4b15b8c7c...65c4c4a1ddhttps://github.com/actions/setup-java/releases )
- [Commits](8df1039502...7a6d8a8234
2025-01-14 13:31:38 -07:00
daz
b12c3a65f2
Pin version of 3rd party actions
2024-11-14 12:35:29 -07:00
daz
d191577859
Pin actions/setup-node@v4
2024-11-14 12:23:02 -07:00
daz
d30cc9ecf2
Pin actions/checkout@v4
2024-11-14 12:19:48 -07:00
daz
8422a6a674
Avoid running workflow on forks
2024-11-14 11:44:20 -07:00
Daz DeBoer
07e0f1c008
Limit token permissions in GitHub workflows ( #440 )
...
See
ea7e27ed41/docs/checks.md (token-permissions)
2024-11-13 19:01:45 -07:00
daz
0325d99e52
Workflow fixes
...
- Fix typo in 'paths-ignore'
- Add back 'buildDistribution' to demo job summary
2024-04-12 10:34:50 -06:00
daz
ebf9707dff
Use a bot token to generate "Update dist" commit
...
This will permit workflows to run when this commit is applied.
- Avoid running ci-update-dist for modifications to dist directory (no recursion)
- Run full-suite only in response to bot updates.
2024-04-11 22:44:13 -06:00
daz
d37a479015
Use pull_request triggers primarily for workflows
...
Instead of relying on push triggers in general, we now use pull_request
and reserve push triggers for main and release branches.
This makes the behaviour more consistent for users contributing from
repository forks. However, we no longer have a quick-feedback loop
for development.
2024-04-10 16:48:14 -06:00
daz
0be451eca3
Simplify the workflow triggers
2024-04-10 11:09:42 -06:00
daz
9e47918adf
Build and commit changes to 'dist' automatically
...
Instead of requiring that developers keep the 'dist' directory up-to-date,
this process is now automated via a workflow.
Whenever a commit is pushed to 'main' (or a 'release/**' branch), the workflow will
build the application and commit any changes to the 'dist' directory.
2024-04-10 07:33:46 -06:00
dependabot[bot]
StepSecurity Bot
Daz DeBoer