This is an automated email from the ASF dual-hosted git repository.
danwatford pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 9b58c2ffc6 Implemented: Upgrade GitHub Actions to versions dependent
on Node.js v20 (OFBIZ-12901) (#701)
9b58c2ffc6 is described below
commit 9b58c2ffc6f50f28eb86fc096a348b3c9f5944ef
Author: Daniel Watford <dan...@watfordconsulting.com>
AuthorDate: Sat Feb 17 15:56:35 2024 +0000
Implemented: Upgrade GitHub Actions to versions dependent on Node.js v20
(OFBIZ-12901) (#701)
Use newer versions of GitHub Actions in the various workflows to avoid
those that are dependent on Node.js v16, instead preferring versions
that use Node.js v20.
---
.github/workflows/codeql-analysis.yml.bak | 92 -------------------------------
.github/workflows/docker-image.yaml | 18 +++---
.github/workflows/gradle.yaml | 15 +++--
3 files changed, 20 insertions(+), 105 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml.bak
b/.github/workflows/codeql-analysis.yml.bak
deleted file mode 100644
index b600ab1093..0000000000
--- a/.github/workflows/codeql-analysis.yml.bak
+++ /dev/null
@@ -1,92 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-#
-name: "CodeQL"
-
-on:
- push:
- branches: [ trunk, release* ]
- paths:
- - '**.java'
- - '**.js'
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ trunk ]
- paths:
- - '**.java'
- - '**.js'
- schedule:
- - cron: '27 15 * * 1'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- #language: [ 'java', 'javascript' ]
- language: [ 'javascript' ]
- #language: [ 'javascript' ]
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript',
'python' ]
- # Learn more:
- #
https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v2
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
- with:
- languages: ${{ matrix.language }}
- debug: true
- # If you wish to specify custom queries, you can do so here or in a
config file.
- # By default, queries listed here will override any specified in a
config file.
- # Prefix the list here with "+" to use these queries and those in the
config file.
- # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually
(see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@v1
-
- # âšī¸ Command-line programs to run using the OS shell.
- # đ https://git.io/JvXDl
-
- # âī¸ If the Autobuild fails above, remove it and uncomment the following
three lines
- # and modify them (or add more) to build your code if your project
- # uses a compiled language
-
- #- run: |
- # make bootstrap
- # make release
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/docker-image.yaml
b/.github/workflows/docker-image.yaml
index 82fbc0f7f2..f61be8ea4a 100644
--- a/.github/workflows/docker-image.yaml
+++ b/.github/workflows/docker-image.yaml
@@ -19,7 +19,7 @@
#
# Act will set an environment variable, ACT, to indicate that it is running
the workflow.
# This environment variable is used to skip some build steps, such as logging
in to
-# a container registry or pushing container images.
+# a container registry and pushing container images.
#
# On first run, act will prompt you to select a micro, medium or large runner
image. This
# workflow can be run using the medium image.
@@ -50,11 +50,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out OFBiz sources
- uses: actions/checkout@v3
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #
v4.1.1
- name: Log in to the Container registry
if: ${{ !env.ACT && vars.DO_DOCKER_PUSH == 'true' }}
- uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d #
v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -64,7 +64,7 @@ jobs:
# Build and push a container image of the OFBiz Framework without any
data loaded.
- name: Determine metadata (tags, labels) for Docker runtime build
id: runtimemeta
- uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
# v5.5.1
with:
images: ghcr.io/apache/ofbiz
tags: |
@@ -92,7 +92,7 @@ jobs:
- name: Build and push runtime docker image
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ uses:
docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
target: runtime
@@ -104,7 +104,7 @@ jobs:
# Build and push a container image of the OFBiz Framework preloaded with
demo data
- name: Determine metadata (tags, labels) for Docker demo-preload build
id: demometa
- uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
# v5.5.1
with:
images: ghcr.io/apache/ofbiz
tags: |
@@ -112,7 +112,7 @@ jobs:
type=ref,event=branch,suffix=-preloaddemo-snapshot,priority=650
- name: Build and push demo docker image
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ uses:
docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
target: demo
@@ -129,7 +129,7 @@ jobs:
run: ./pullAllPluginsSource.sh
- name: Determine metadata (tags, labels) for Docker framework with
plugins build
id: pluginsmeta
- uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
# v5.5.1
with:
images: ghcr.io/apache/ofbiz
tags: |
@@ -137,7 +137,7 @@ jobs:
type=ref,event=branch,suffix=-plugins-snapshot,priority=650
- name: Build and push framework with plugins docker image
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ uses:
docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
target: runtime
diff --git a/.github/workflows/gradle.yaml b/.github/workflows/gradle.yaml
index 80e7cd807c..546302c1be 100644
--- a/.github/workflows/gradle.yaml
+++ b/.github/workflows/gradle.yaml
@@ -31,17 +31,24 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
- - name: Set up JDK 1.8
- uses: actions/setup-java@v1
+ - name: Check out OFBiz sources
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Set up JDK 8
+ uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 #
v4.0.0
with:
- java-version: 1.8
+ java-version: 8
+ distribution: temurin
+
- name: Grant execute permission for gradlew and pullAllPluginsSource.sh
run: chmod +x gradlew pullAllPluginsSource.sh
+
- name: Load all plugins
run: ./pullAllPluginsSource.sh
+
- name: Build with Gradle
run: ./gradlew check javadoc
+
# Below does not work, see
https://lists.apache.org/thread/80wzf4kclfk5nh2fss56jd6otf7y4n2f
# - name: Builds with Gradle, checks style and run integration tests (just
to know if they pass)
# run: ./gradlew pullAllPluginsSource check loadAll testIntegration
