Skip to content

Commit

Permalink
[ACS-8676] bump GH actions to the latest version (#939)
Browse files Browse the repository at this point in the history
  • Loading branch information
aonych authored Sep 23, 2024
1 parent 685c60c commit d339327
Showing 1 changed file with 21 additions and 20 deletions.
41 changes: 21 additions & 20 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,11 @@ jobs:
name: "Source Clear Scan (SCA)"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v1.35.0
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v7.0.0
continue-on-error: true
with:
srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}

Expand All @@ -46,21 +47,21 @@ jobs:
github.actor != 'dependabot[bot]' &&
!contains(github.event.head_commit.message, '[skip build]')
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.35.0
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- name: "Login to Docker Hub"
uses: docker/login-action@v2.1.0
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: "Login to Quay.io"
uses: docker/login-action@v2.1.0
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v5.6.0
- uses: Alfresco/alfresco-build-tools/.github/actions/github-download-file@v7.0.0
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
repository: "Alfresco/veracode-baseline-archive"
Expand All @@ -71,7 +72,7 @@ jobs:
- name: Create zip
run: find gytheio*/gytheio*/target gytheio*/target -name '*.jar' -exec zip -y -r to-scan.zip {} +
- name: "Run SAST Scan"
uses: veracode/Veracode-pipeline-scan-action@v1.0.10
uses: veracode/Veracode-pipeline-scan-action@v1.0.16
with:
vid: ${{ secrets.VERACODE_API_ID }}
vkey: ${{ secrets.VERACODE_API_KEY }}
Expand All @@ -89,7 +90,7 @@ jobs:
run: zip readable_output.zip results.json
- name: Upload Artifact
if: success() || failure()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: Veracode Pipeline-Scan Results (Human Readable)
path: readable_output.zip
Expand All @@ -98,9 +99,9 @@ jobs:
name: "Build"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.35.0
- uses: actions/checkout@v4
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- name: "Remove SNAPSHOT artifacts"
run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
- name: "Install ImageMagick to parse PDFs"
Expand All @@ -110,7 +111,7 @@ jobs:
# ImageMagick6's default security policy doesn't allow it to parse PDFs
sudo sed -i '/PDF/s/none/read|write/' /etc/ImageMagick-6/policy.xml
- name: "Configure AWS credentials"
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_S3_BUCKET_CREATE_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_S3_BUCKET_CREATE_SECRET_ACCESS_KEY }}
Expand All @@ -127,12 +128,12 @@ jobs:
github.event_name != 'pull_request' &&
(github.ref_name == 'master' || startsWith(github.ref_name, 'SP/') || startsWith(github.ref_name, 'HF/'))
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v1.35.0
- uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v7.0.0
- uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v7.0.0
- uses: Alfresco/alfresco-build-tools/.github/actions/configure-git-author@v7.0.0
with:
username: ${{ secrets.BOT_GITHUB_USERNAME }}
email: ${{ secrets.BOT_GITHUB_EMAIL }}
Expand Down

0 comments on commit d339327

Please sign in to comment.