bigdaz
094f2191c5
[bot] Update dist directory
2024-11-14 22:45:12 +00:00
Daz DeBoer
83709b49fe
Fix checksum test by reducing network calls ( #444 )
...
This test was originally starting with an empty set of checksums,
leading to the download of a checksum for every released and snapshot
version. This resulted in in sporadic test failures.
We now start with a known set of checksums and ensure that those that
are missing are downloaded. This involved some refactoring and
improvement in the way snapshot checksums are processed.
2024-11-14 15:44:07 -07:00
Daz DeBoer
5f21a9bb99
Bump Gradle from 8.10.2 to 8.11 ( #443 )
...
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
Co-authored-by: bot-githubaction <bot-githubaction@gradle.com>
2024-11-14 13:48:42 -07:00
Daz DeBoer
52ee405746
Run CodeQL on all commits
2024-11-14 13:44:22 -07:00
Daz DeBoer
7f20d0bf71
Pin versions for GitHub Actions ( #442 )
2024-11-14 13:24:19 -07:00
daz
b6bc8c2f17
Pin gradle/actions versions
2024-11-14 13:05:02 -07:00
daz
b12c3a65f2
Pin version of 3rd party actions
2024-11-14 12:35:29 -07:00
daz
d191577859
Pin actions/setup-node@v4
2024-11-14 12:23:02 -07:00
daz
e726a12472
Pin actions/setup-java@v4
2024-11-14 12:21:03 -07:00
daz
d30cc9ecf2
Pin actions/checkout@v4
2024-11-14 12:19:48 -07:00
daz
d0efa7b0e7
Avoid duplicate actions/setup-java
2024-11-14 12:12:54 -07:00
daz
8422a6a674
Avoid running workflow on forks
2024-11-14 11:44:20 -07:00
daz
19ff74e0a6
Revert "Disable uploading OSSF scorecard to GitHub Security"
...
This reverts commit 1e2142185e
.
2024-11-14 11:31:03 -07:00
bigdaz
e03a1f068e
[bot] Update dist directory
2024-11-14 16:27:59 +00:00
bot-githubaction
084b95f65a
Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2
2024-11-14 09:26:53 -07:00
Daz DeBoer
1e2142185e
Disable uploading OSSF scorecard to GitHub Security
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
2024-11-13 19:11:45 -07:00
Daz DeBoer
07e0f1c008
Limit token permissions in GitHub workflows ( #440 )
...
See
ea7e27ed41/docs/checks.md (token-permissions)
2024-11-13 19:01:45 -07:00
daz
af45dcfe3c
Add wrapper-validation workflow
...
Although we run `setup-gradle` with all/most wrapper files, this global
workflow will ensure that all wrapper files in the repo are valid.
(This should help with the OSSF scorecard)
2024-11-13 18:46:57 -07:00
daz
d8b3a9fb11
Rename OSSF scorecard workflow
2024-11-13 18:46:51 -07:00
nitrocode
9e8f2bcf56
docs: add badge
2024-11-13 16:37:41 -07:00
nitrocode
5ac3e361a2
ci: add scorecard
2024-11-13 16:37:41 -07:00
bigdaz
4a0951b3dc
[bot] Update dist directory
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-11-12 18:29:16 +00:00
daz
48353a25ca
Do not fail wrapper-validation on filename with illegal characters
2024-11-12 11:28:09 -07:00
bigdaz
473878a77f
[bot] Update dist directory
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
2024-11-12 03:55:37 +00:00
daz
f22ac61fd1
Use Gradle 8.11 as the minimum version for cache-cleanup
...
The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.
This provides a band-aid fix for #417 but that issue will still impact
any build configured to run with Gradle > 8.11
2024-11-11 20:54:29 -07:00
daz
4ec844e551
npm audit fix
2024-11-11 20:54:29 -07:00
bigdaz
24ca383271
[bot] Update dist directory
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
2024-11-11 19:51:02 +00:00
Daz DeBoer
4ca2d5d749
Dependency updates ( #429 )
2024-11-11 12:49:55 -07:00
daz
f31476bde2
Update test for real-world data
...
This test assumed that at least one 'snapshot' wrapper checksum was unique,
and not contained in the set of wrapper checksums for released distributions.
This is no longer the case, so the assumption has been modified.
2024-11-11 12:18:11 -07:00
bigdaz
c345cfbe93
Update known wrapper checksums
2024-11-11 12:18:11 -07:00
dependabot[bot]
b526f6673b
Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
...
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary ) from 2.18.0 to 2.18.1.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.18.0...jackson-dataformats-binary-2.18.1 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 12:18:11 -07:00
daz
93415e6645
Update patch for actions/cache 3.3.0
2024-11-11 12:18:11 -07:00
dependabot[bot]
6bc218d5d0
Bump the npm-dependencies group across 1 directory with 4 updates
...
Bumps the npm-dependencies group with 4 updates in the /sources directory: [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache ), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ), [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest ) and [nock](https://github.com/nock/nock ).
Updates `@actions/cache` from 3.2.4 to 3.3.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache )
Updates `@types/node` from 20.17.3 to 20.17.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `eslint-plugin-jest` from 28.8.3 to 28.9.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases )
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v28.8.3...v28.9.0 )
Updates `nock` from 13.5.5 to 13.5.6
- [Release notes](https://github.com/nock/nock/releases )
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md )
- [Commits](https://github.com/nock/nock/compare/v13.5.5...v13.5.6 )
---
updated-dependencies:
- dependency-name: "@actions/cache"
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: eslint-plugin-jest
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: nock
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 11:34:26 -07:00
Daniel Shuy
9d68e8b435
Update build reports path for multi-project build
2024-11-11 11:16:22 -07:00
dependabot[bot]
707359876a
Bump @types/node
...
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
Bumps the npm-dependencies group with 1 update in the /sources directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 20.17.2 to 20.17.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:31:04 -06:00
bigdaz
4103f31d4d
[bot] Update dist directory
2024-10-31 00:29:22 +00:00
dependabot[bot]
15020cf347
Bump the npm-dependencies group across 1 directory with 4 updates
...
Bumps the npm-dependencies group with 4 updates in the /sources directory: [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact ), [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) and [typescript](https://github.com/microsoft/TypeScript ).
Updates `@actions/artifact` from 2.1.10 to 2.1.11
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact )
Updates `@types/jest` from 29.5.13 to 29.5.14
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
Updates `@types/node` from 20.16.11 to 20.17.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `typescript` from 5.6.2 to 5.6.3
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.6.2...v5.6.3 )
---
updated-dependencies:
- dependency-name: "@actions/artifact"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: "@types/jest"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:28:10 -06:00
dependabot[bot]
ed43923279
Bump org.junit.jupiter:junit-jupiter
...
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5 ) from 5.11.2 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases )
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3 )
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:28:10 -06:00
bigdaz
6dafcf2d22
[bot] Update dist directory
2024-10-30 23:59:49 +00:00
bigdaz
2ca30c9a83
Update known wrapper checksums
2024-10-30 17:58:46 -06:00
bigdaz
bb0c460cbf
[bot] Update dist directory
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-10-10 08:25:45 +00:00
dependabot[bot]
0674891af5
Bump the npm-dependencies group across 1 directory with 5 updates
...
Bumps the npm-dependencies group with 5 updates in the /sources directory:
| Package | From | To |
| --- | --- | --- |
| [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact ) | `2.1.9` | `2.1.10` |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) | `1.10.1` | `1.11.1` |
| [@octokit/webhooks-types](https://github.com/octokit/webhooks ) | `7.5.1` | `7.6.1` |
| [which](https://github.com/npm/node-which ) | `4.0.0` | `5.0.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) | `20.16.10` | `20.16.11` |
Updates `@actions/artifact` from 2.1.9 to 2.1.10
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact )
Updates `@actions/core` from 1.10.1 to 1.11.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@octokit/webhooks-types` from 7.5.1 to 7.6.1
- [Release notes](https://github.com/octokit/webhooks/releases )
- [Commits](https://github.com/octokit/webhooks/compare/v7.5.1...v7.6.1 )
Updates `which` from 4.0.0 to 5.0.0
- [Release notes](https://github.com/npm/node-which/releases )
- [Changelog](https://github.com/npm/node-which/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-which/compare/v4.0.0...v5.0.0 )
Updates `@types/node` from 20.16.10 to 20.16.11
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@actions/artifact"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: "@actions/core"
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: "@octokit/webhooks-types"
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: which
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm-dependencies
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-10 02:24:34 -06:00
dependabot[bot]
1b7e89588d
Bump org.junit.jupiter:junit-jupiter
...
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5 ) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases )
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2 )
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:38:26 -06:00
bigdaz
b0cc090202
[bot] Update dist directory
2024-10-07 02:37:40 +00:00
Daz DeBoer
872d6b954c
Dependency updates ( #411 )
2024-10-06 20:36:28 -06:00
daz
61e4a25782
Control version of Gradle in PATH for unit tests
2024-10-07 12:24:47 +10:00
dependabot[bot]
f4e0ea0cdd
Bump the npm-dependencies group across 1 directory with 4 updates
...
Bumps the npm-dependencies group with 4 updates in the /sources directory: [typed-rest-client](https://github.com/Microsoft/typed-rest-client ), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ), [@vercel/ncc](https://github.com/vercel/ncc ) and [eslint](https://github.com/eslint/eslint ).
Updates `typed-rest-client` from 2.0.2 to 2.1.0
- [Release notes](https://github.com/Microsoft/typed-rest-client/releases )
- [Commits](https://github.com/Microsoft/typed-rest-client/compare/v2.0.2...v2.1.0 )
Updates `@types/node` from 20.16.5 to 20.16.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `@vercel/ncc` from 0.38.1 to 0.38.2
- [Release notes](https://github.com/vercel/ncc/releases )
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.38.2 )
Updates `eslint` from 8.57.0 to 8.57.1
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.57.0...v8.57.1 )
---
updated-dependencies:
- dependency-name: typed-rest-client
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: npm-dependencies
- dependency-name: "@types/node"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: "@vercel/ncc"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:36 +10:00
dependabot[bot]
9f70748719
Bump org.junit.jupiter:junit-jupiter
...
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5 ) from 5.11.0 to 5.11.1.
- [Release notes](https://github.com/junit-team/junit5/releases )
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1 )
---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
dependabot[bot]
ff4a71656f
Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
...
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary ) from 2.17.2 to 2.18.0.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.17.2...jackson-dataformats-binary-2.18.0 )
---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
dependabot[bot]
b5e8e5f396
Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
...
Bumps [com.google.guava:guava](https://github.com/google/guava ) from 33.3.0-jre to 33.3.1-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00