diff options
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/codeql.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/detectNewJavaFiles.yml | 4 | ||||
| -rw-r--r-- | .github/workflows/gradle-wrapper-validation.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/scorecard.yml | 8 |
4 files changed, 19 insertions, 7 deletions
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 396fa26a..bcec1706 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,7 +15,7 @@ permissions: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: actions: read contents: read @@ -26,13 +26,13 @@ jobs: language: [ 'java' ] steps: - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Set Swap Space uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0 with: swap-size-gb: 10 - name: Initialize CodeQL - uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 with: languages: ${{ matrix.language }} - name: Set up JDK 17 @@ -46,4 +46,4 @@ jobs: echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties" ./gradlew assembleDebug - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 diff --git a/.github/workflows/detectNewJavaFiles.yml b/.github/workflows/detectNewJavaFiles.yml index b64964ce..308571a7 100644 --- a/.github/workflows/detectNewJavaFiles.yml +++ b/.github/workflows/detectNewJavaFiles.yml @@ -7,6 +7,10 @@ on: permissions: read-all +concurrency: + group: detect-new-java-files-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: detectNewJavaFiles: runs-on: ubuntu-latest diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index be44c9e6..830820b0 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -9,10 +9,14 @@ on: # Declare default permissions as read only. permissions: read-all +concurrency: + group: validate-gradle-wrapper-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: validation: name: "Validation" runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e774cebe..274ca43a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -10,6 +10,10 @@ on: # Declare default permissions as read only. permissions: read-all +concurrency: + group: scorecard-supply-chain-security-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: analysis: name: Scorecard analysis @@ -20,7 +24,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false @@ -33,6 +37,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 with: sarif_file: results.sarif |