This is an automated email from the ASF dual-hosted git repository. vy pushed a commit to branch gha/v0 in repository https://gitbox.apache.org/repos/asf/logging-parent.git
commit 5384c0cfa1276f269d90b91fe3a68c5f24b7d859 Author: Volkan Yazıcı <[email protected]> AuthorDate: Tue Apr 14 11:06:56 2026 +0200 Bump GHA versions --- .github/workflows/build-reusable.yaml | 13 +++++++------ .github/workflows/codeql-analysis-reusable.yaml | 6 +++--- .github/workflows/deploy-release-reusable.yaml | 6 +++--- .github/workflows/deploy-site-reusable.yaml | 10 +++++----- .github/workflows/deploy-snapshot-reusable.yaml | 4 ++-- .github/workflows/scorecards-analysis-reusable.yaml | 9 +++++---- .github/workflows/verify-reproducibility-reusable.yaml | 8 ++++---- 7 files changed, 29 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build-reusable.yaml b/.github/workflows/build-reusable.yaml index 1c96d0a..d7b39c0 100644 --- a/.github/workflows/build-reusable.yaml +++ b/.github/workflows/build-reusable.yaml @@ -83,13 +83,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.ref }} - name: Set up Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 5.2.0 with: distribution: zulu java-version: ${{ inputs.java-version }} @@ -122,7 +122,8 @@ jobs: - name: Setup Develocity Build Scan capture if: inputs.develocity-enabled - uses: gradle/develocity-actions/setup-maven@4a2aed82eea165ba2d5c494fc2a8730d7fdff229 # 1.4 + # INFRA-approved GHAs: https://github.com/apache/infrastructure-actions/blob/main/actions.yml + uses: gradle/develocity-actions/setup-maven@4a2aed82eea165ba2d5c494fc2a8730d7fdff229 # 2.1 with: develocity-access-key: ${{ secrets.DV_ACCESS_TOKEN }} @@ -140,7 +141,7 @@ jobs: # We upload tests results. - name: Upload test reports if: ${{ always() && inputs.test-report-enabled }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # 7.0.1 with: name: "test-report-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}}${{inputs.test-report-suffix}}" path: | @@ -159,7 +160,7 @@ jobs: - name: Set up Node.js cache if: inputs.site-enabled id: nodejs-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # 5.0.5 with: # We should be calculating the cache key using `package-lock.json` instead! # See https://stackoverflow.com/a/48524475/1278899 @@ -203,7 +204,7 @@ jobs: # Upload reproducibility results if the build fails. - name: Upload reproducibility results if: inputs.reproducibility-check-enabled && failure() && steps.reproducibility.conclusion == 'failure' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # 7.0.1 with: name: reproducibility-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}} path: | diff --git a/.github/workflows/codeql-analysis-reusable.yaml b/.github/workflows/codeql-analysis-reusable.yaml index 217d5e8..e10f4dd 100644 --- a/.github/workflows/codeql-analysis-reusable.yaml +++ b/.github/workflows/codeql-analysis-reusable.yaml @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 - name: Initialize CodeQL uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # 3.29.0 @@ -56,7 +56,7 @@ jobs: languages: ${{ inputs.language }}, actions - name: Setup JDK - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 5.2.0 with: distribution: zulu java-version: ${{ inputs.java-version }} @@ -71,4 +71,4 @@ jobs: clean verify - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # 3.29.0 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # 4.35.1 diff --git a/.github/workflows/deploy-release-reusable.yaml b/.github/workflows/deploy-release-reusable.yaml index 03b447f..a6d26fe 100644 --- a/.github/workflows/deploy-release-reusable.yaml +++ b/.github/workflows/deploy-release-reusable.yaml @@ -69,10 +69,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 - name: Set up Java & GPG - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 3.7.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 5.2.0 with: distribution: zulu java-version: ${{ inputs.java-version }} @@ -173,7 +173,7 @@ jobs: # Node.js cache is needed for Antora - name: Set up Node.js cache id: nodejs-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # 5.0.5 with: # We should be calculating the cache key using `package-lock.json` instead! # See https://stackoverflow.com/a/48524475/1278899 diff --git a/.github/workflows/deploy-site-reusable.yaml b/.github/workflows/deploy-site-reusable.yaml index d48c017..8c705e0 100644 --- a/.github/workflows/deploy-site-reusable.yaml +++ b/.github/workflows/deploy-site-reusable.yaml @@ -60,10 +60,10 @@ jobs: steps: - name: Checkout the source branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 - name: Set up Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 3.7.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 5.2.0 with: distribution: zulu java-version: ${{ inputs.java-version }} @@ -82,7 +82,7 @@ jobs: # Node.js cache is needed for Antora - name: Restore Node.js cache id: nodejs-cache-restore - uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # 5.0.5 with: # The cache is OS independent enableCrossOsArchive: true @@ -112,7 +112,7 @@ jobs: # Checking out a new branch will delete the `node_modules` folder, # so we need to save the cache here. - name: Save Node.js cache - uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # 5.0.5 with: key: ${{ steps.nodejs-cache-restore.outputs.cache-primary-key }} path: node_modules @@ -132,7 +132,7 @@ jobs: } - name: Checkout the target branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 with: ref: ${{ inputs.target-branch }} diff --git a/.github/workflows/deploy-snapshot-reusable.yaml b/.github/workflows/deploy-snapshot-reusable.yaml index b868a5d..e8498f4 100644 --- a/.github/workflows/deploy-snapshot-reusable.yaml +++ b/.github/workflows/deploy-snapshot-reusable.yaml @@ -48,10 +48,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 - name: Set up Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 3.7.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 5.2.0 with: distribution: zulu java-version: ${{ inputs.java-version }} diff --git a/.github/workflows/scorecards-analysis-reusable.yaml b/.github/workflows/scorecards-analysis-reusable.yaml index 8094b6c..49c482c 100644 --- a/.github/workflows/scorecards-analysis-reusable.yaml +++ b/.github/workflows/scorecards-analysis-reusable.yaml @@ -36,12 +36,13 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # 2.4.2 + # INFRA-approved GHAs: https://github.com/apache/infrastructure-actions/blob/main/actions.yml + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # 2.4.3 with: results_file: results.sarif results_format: sarif @@ -53,13 +54,13 @@ jobs: publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # 7.0.1 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # 3.29.0 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # 4.35.1 with: sarif_file: results.sarif diff --git a/.github/workflows/verify-reproducibility-reusable.yaml b/.github/workflows/verify-reproducibility-reusable.yaml index a743210..00b5555 100644 --- a/.github/workflows/verify-reproducibility-reusable.yaml +++ b/.github/workflows/verify-reproducibility-reusable.yaml @@ -56,12 +56,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2 with: ref: ${{ github.ref }} - name: Set up Java - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # 5.0.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # 5.2.0 with: distribution: zulu java-version: ${{ inputs.java-version }} @@ -83,7 +83,7 @@ jobs: # preventing reproducibility results from being affected by cached outputs from other workflows. # - name: Set up Maven Cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # 4.2.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # 5.0.5 with: path: ~/.m2/repository key: "${{ env.CACHE_KEY }}-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}" @@ -104,7 +104,7 @@ jobs: # Upload reproducibility results if the build fails. - name: Upload reproducibility results if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # 7.0.1 with: name: reproducibility-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}} path: |
