diff --git a/.github/workflows/build-autotriage.yml b/.github/workflows/build-autotriage.yml index df5774705..5a288cbda 100644 --- a/.github/workflows/build-autotriage.yml +++ b/.github/workflows/build-autotriage.yml @@ -19,7 +19,7 @@ jobs: name: Run Build Triage if: github.repository == 'adoptium/temurin-build' steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Run Build Auto Triage" run: bash "${PWD}/${TRIAGE_SCRIPT}" jdk8u jdk11u jdk17u jdk21u jdk22 jdk23head diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6a24e6ceb..44522ef5d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,6 +64,7 @@ jobs: variant: bisheng image: adoptopenjdk/centos7_build_image steps: + # pinned at v3 to as Node.js 20.x is not supported on Centos 7 - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Build Linux @@ -75,10 +76,11 @@ jobs: TARGET_OS: ${{ matrix.os }} FILENAME: OpenJDK.tar.gz # Don't set the OS as we use both linux and alpine-linux - PLATFORM_CONFIG_LOCATION: AdoptOpenJDK/openjdk-build/master/build-farm/platform-specific-configurations + PLATFORM_CONFIG_LOCATION: adoptium/temurin-build/master/build-farm/platform-specific-configurations BUILD_ARGS: --create-sbom CONFIGURE_ARGS: --with-native-debug-symbols=none + # pinned at v3 to as Node.js 20.x is not supported on Centos 7 - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 name: Collect and Archive Artifacts with: @@ -101,6 +103,7 @@ jobs: vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git" vendor_testBranches: "${{ github.head_ref }}" vendor_testDirs: "/test/functional" + # pinned at v3 to as Node.js 20.x is not supported on Centos 7 - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 name: Collect and Archive SmokeTest Results if: failure() @@ -118,11 +121,12 @@ jobs: version: [ { name: jdk8u, distro: macos-11 }, { name: jdk11u, distro: macos-13 }, + { name: jdk17u, distro: macos-14 } ] variant: [temurin] steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # https://github.com/actions/runner-images/issues/6817 - name: (Mac) Workaround for homebrew @@ -144,7 +148,7 @@ jobs: run: | brew install automake bash binutils freetype gnu-sed nasm - - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 id: setup-java with: java-version: 7 @@ -184,7 +188,7 @@ jobs: FILENAME: OpenJDK.tar.gz JDK7_BOOT_DIR: ${{ steps.setup-java.outputs.path }} - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 name: Collect and Archive Artifacts with: name: ${{matrix.version.name}}-${{matrix.os}}-${{matrix.variant}} @@ -207,7 +211,7 @@ jobs: vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git" vendor_testBranches: "${{ github.head_ref }}" vendor_testDirs: "/test/functional" - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 name: Collect and Archive SmokeTest Results if: failure() with: @@ -259,14 +263,14 @@ jobs: wget, zip - - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 id: setup-java7 with: distribution: 'zulu' java-version: 7 if: matrix.version == 'jdk8u' - - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 id: setup-java11 with: distribution: 'temurin' @@ -342,7 +346,7 @@ jobs: shell: bash run: mkdir -p "$HOME" && git config --system core.autocrlf false && git config --global --add safe.directory '*' - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: set-safe-directory: false @@ -379,14 +383,14 @@ jobs: FILENAME: OpenJDK.zip BUILD_ARGS: --create-sbom - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 name: Collect and Archive Artifacts with: name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} path: workspace/target/* - name: Restore build artifacts - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: ${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} path: ~/${{matrix.version}}-${{matrix.os}}-${{matrix.variant}} @@ -412,7 +416,7 @@ jobs: vendor_testRepos: "${{ github.event.pull_request.head.repo.html_url }}.git" vendor_testBranches: "${{ github.head_ref }}" vendor_testDirs: "/test/functional" - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 name: Collect and Archive SmokeTest Results if: failure() with: diff --git a/.github/workflows/ca-cert-updater.yml b/.github/workflows/ca-cert-updater.yml index 9eb806418..e5eb81e6a 100644 --- a/.github/workflows/ca-cert-updater.yml +++ b/.github/workflows/ca-cert-updater.yml @@ -14,7 +14,7 @@ jobs: if: startsWith(github.repository, 'adoptium/') runs-on: ubuntu-latest steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index f1b9b5e56..658d69f16 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -42,7 +42,7 @@ jobs: # Checkout the code base # ########################## - name: Checkout Code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 13024375d..6e5c8186c 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -20,7 +20,7 @@ jobs: id-token: write steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 @@ -28,7 +28,7 @@ jobs: results_file: results.sarif results_format: sarif publish_results: true - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/signsbom.yml b/.github/workflows/signsbom.yml index a66f588f8..050159ff1 100644 --- a/.github/workflows/signsbom.yml +++ b/.github/workflows/signsbom.yml @@ -17,15 +17,11 @@ jobs: test_sbom_sign: name: sign_sbom runs-on: ubuntu-latest - container: - image: adoptopenjdk/centos7_build_image - strategy: - fail-fast: false steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Build with jdk17 to ensure TemurinSignSBOM meets min compatibility - - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 id: setup-java with: java-version: 17 @@ -41,7 +37,7 @@ jobs: run: | ant -noinput -buildfile cyclonedx-lib/build.xml runSignAndVerifySBOM - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 name: Collect and Archive TemurinSignSBOM Artifacts with: name: testSBOM diff --git a/.github/workflows/testsbom.yml b/.github/workflows/testsbom.yml index 1c71324bb..fa22df8b9 100644 --- a/.github/workflows/testsbom.yml +++ b/.github/workflows/testsbom.yml @@ -17,16 +17,12 @@ jobs: test_sbom_gen: name: gen_sbom runs-on: ubuntu-latest - container: - image: adoptopenjdk/centos7_build_image - strategy: - fail-fast: false steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Build with jdk8 to ensure TemurinGenSBOM meets min compatibility - - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + - uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0 id: setup-java with: java-version: 8 @@ -40,7 +36,7 @@ jobs: - name: Run TemurinGenSBOM Unit test run: ant -noinput -buildfile cyclonedx-lib/build.xml run - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 name: Collect and Archive TemurinGenSBOM Artifacts with: name: testSBOM