Commit graph

1687 commits

Author SHA1 Message Date
Daz DeBoer
52ee405746
Run CodeQL on all commits 2024-11-14 13:44:22 -07:00
Daz DeBoer
7f20d0bf71
Pin versions for GitHub Actions (#442) 2024-11-14 13:24:19 -07:00
daz
b6bc8c2f17
Pin gradle/actions versions 2024-11-14 13:05:02 -07:00
daz
b12c3a65f2
Pin version of 3rd party actions 2024-11-14 12:35:29 -07:00
daz
d191577859
Pin actions/setup-node@v4 2024-11-14 12:23:02 -07:00
daz
e726a12472
Pin actions/setup-java@v4 2024-11-14 12:21:03 -07:00
daz
d30cc9ecf2
Pin actions/checkout@v4 2024-11-14 12:19:48 -07:00
daz
d0efa7b0e7
Avoid duplicate actions/setup-java 2024-11-14 12:12:54 -07:00
daz
8422a6a674
Avoid running workflow on forks 2024-11-14 11:44:20 -07:00
daz
19ff74e0a6
Revert "Disable uploading OSSF scorecard to GitHub Security"
This reverts commit 1e2142185e.
2024-11-14 11:31:03 -07:00
bigdaz
e03a1f068e [bot] Update dist directory 2024-11-14 16:27:59 +00:00
bot-githubaction
084b95f65a Bump references to Develocity Gradle plugin from 3.18.1 to 3.18.2 2024-11-14 09:26:53 -07:00
Daz DeBoer
1e2142185e
Disable uploading OSSF scorecard to GitHub Security
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-ossf-scorecard / Scorecard analysis (push) Waiting to run
CI-update-dist / update-dist (push) Waiting to run
CI-validate-wrappers / validation (push) Waiting to run
2024-11-13 19:11:45 -07:00
Daz DeBoer
07e0f1c008
Limit token permissions in GitHub workflows (#440)
See
ea7e27ed41/docs/checks.md (token-permissions)
2024-11-13 19:01:45 -07:00
daz
af45dcfe3c
Add wrapper-validation workflow
Although we run `setup-gradle` with all/most wrapper files, this global
workflow will ensure that all wrapper files in the repo are valid.
(This should help with the OSSF scorecard)
2024-11-13 18:46:57 -07:00
daz
d8b3a9fb11
Rename OSSF scorecard workflow 2024-11-13 18:46:51 -07:00
nitrocode
9e8f2bcf56 docs: add badge 2024-11-13 16:37:41 -07:00
nitrocode
5ac3e361a2 ci: add scorecard 2024-11-13 16:37:41 -07:00
bigdaz
4a0951b3dc [bot] Update dist directory
Some checks failed
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-11-12 18:29:16 +00:00
daz
48353a25ca Do not fail wrapper-validation on filename with illegal characters 2024-11-12 11:28:09 -07:00
bigdaz
473878a77f [bot] Update dist directory
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
2024-11-12 03:55:37 +00:00
daz
f22ac61fd1 Use Gradle 8.11 as the minimum version for cache-cleanup
The cache-cleanup API has changed, so the init-script that worked with
Gradle 8.9 no longer works with 8.11.
We now provision and use Gradle 8.11 for cache cleanup.

This provides a band-aid fix for #417 but that issue will still impact
any build configured to run with Gradle > 8.11
2024-11-11 20:54:29 -07:00
daz
4ec844e551 npm audit fix 2024-11-11 20:54:29 -07:00
bigdaz
24ca383271 [bot] Update dist directory
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test-full / caching-integ-tests (push) Waiting to run
CI-integ-test-full / other-integ-tests (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
2024-11-11 19:51:02 +00:00
Daz DeBoer
4ca2d5d749
Dependency updates (#429) 2024-11-11 12:49:55 -07:00
daz
f31476bde2
Update test for real-world data
This test assumed that at least one 'snapshot' wrapper checksum was unique,
and not contained in the set of wrapper checksums for released distributions.
This is no longer the case, so the assumption has been modified.
2024-11-11 12:18:11 -07:00
bigdaz
c345cfbe93
Update known wrapper checksums 2024-11-11 12:18:11 -07:00
dependabot[bot]
b526f6673b
Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary) from 2.18.0 to 2.18.1.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.18.0...jackson-dataformats-binary-2.18.1)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 12:18:11 -07:00
daz
93415e6645
Update patch for actions/cache 3.3.0 2024-11-11 12:18:11 -07:00
dependabot[bot]
6bc218d5d0
Bump the npm-dependencies group across 1 directory with 4 updates
Bumps the npm-dependencies group with 4 updates in the /sources directory: [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) and [nock](https://github.com/nock/nock).


Updates `@actions/cache` from 3.2.4 to 3.3.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

Updates `@types/node` from 20.17.3 to 20.17.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jest` from 28.8.3 to 28.9.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v28.8.3...v28.9.0)

Updates `nock` from 13.5.5 to 13.5.6
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v13.5.5...v13.5.6)

---
updated-dependencies:
- dependency-name: "@actions/cache"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-11 11:34:26 -07:00
Daniel Shuy
9d68e8b435 Update build reports path for multi-project build 2024-11-11 11:16:22 -07:00
dependabot[bot]
707359876a Bump @types/node
Some checks failed
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
Bumps the npm-dependencies group with 1 update in the /sources directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 20.17.2 to 20.17.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:31:04 -06:00
bigdaz
4103f31d4d [bot] Update dist directory 2024-10-31 00:29:22 +00:00
dependabot[bot]
15020cf347 Bump the npm-dependencies group across 1 directory with 4 updates
Bumps the npm-dependencies group with 4 updates in the /sources directory: [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact), [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@actions/artifact` from 2.1.10 to 2.1.11
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact)

Updates `@types/jest` from 29.5.13 to 29.5.14
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `@types/node` from 20.16.11 to 20.17.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript` from 5.6.2 to 5.6.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.6.2...v5.6.3)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:28:10 -06:00
dependabot[bot]
ed43923279 Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.2 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.2...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-30 18:28:10 -06:00
bigdaz
6dafcf2d22 [bot] Update dist directory 2024-10-30 23:59:49 +00:00
bigdaz
2ca30c9a83 Update known wrapper checksums 2024-10-30 17:58:46 -06:00
bigdaz
bb0c460cbf [bot] Update dist directory
Some checks failed
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-10-10 08:25:45 +00:00
dependabot[bot]
0674891af5 Bump the npm-dependencies group across 1 directory with 5 updates
Bumps the npm-dependencies group with 5 updates in the /sources directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact) | `2.1.9` | `2.1.10` |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.10.1` | `1.11.1` |
| [@octokit/webhooks-types](https://github.com/octokit/webhooks) | `7.5.1` | `7.6.1` |
| [which](https://github.com/npm/node-which) | `4.0.0` | `5.0.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.16.10` | `20.16.11` |



Updates `@actions/artifact` from 2.1.9 to 2.1.10
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact)

Updates `@actions/core` from 1.10.1 to 1.11.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@octokit/webhooks-types` from 7.5.1 to 7.6.1
- [Release notes](https://github.com/octokit/webhooks/releases)
- [Commits](https://github.com/octokit/webhooks/compare/v7.5.1...v7.6.1)

Updates `which` from 4.0.0 to 5.0.0
- [Release notes](https://github.com/npm/node-which/releases)
- [Changelog](https://github.com/npm/node-which/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-which/compare/v4.0.0...v5.0.0)

Updates `@types/node` from 20.16.10 to 20.16.11
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@octokit/webhooks-types"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: which
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-10 02:24:34 -06:00
dependabot[bot]
1b7e89588d Bump org.junit.jupiter:junit-jupiter
Some checks failed
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.1 to 5.11.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.1...r5.11.2)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-06 20:38:26 -06:00
bigdaz
b0cc090202 [bot] Update dist directory 2024-10-07 02:37:40 +00:00
Daz DeBoer
872d6b954c
Dependency updates (#411) 2024-10-06 20:36:28 -06:00
daz
61e4a25782
Control version of Gradle in PATH for unit tests 2024-10-07 12:24:47 +10:00
dependabot[bot]
f4e0ea0cdd
Bump the npm-dependencies group across 1 directory with 4 updates
Bumps the npm-dependencies group with 4 updates in the /sources directory: [typed-rest-client](https://github.com/Microsoft/typed-rest-client), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [@vercel/ncc](https://github.com/vercel/ncc) and [eslint](https://github.com/eslint/eslint).


Updates `typed-rest-client` from 2.0.2 to 2.1.0
- [Release notes](https://github.com/Microsoft/typed-rest-client/releases)
- [Commits](https://github.com/Microsoft/typed-rest-client/compare/v2.0.2...v2.1.0)

Updates `@types/node` from 20.16.5 to 20.16.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vercel/ncc` from 0.38.1 to 0.38.2
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.38.2)

Updates `eslint` from 8.57.0 to 8.57.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.57.0...v8.57.1)

---
updated-dependencies:
- dependency-name: typed-rest-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:36 +10:00
dependabot[bot]
9f70748719
Bump org.junit.jupiter:junit-jupiter
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.0 to 5.11.1.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.0...r5.11.1)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
dependabot[bot]
ff4a71656f
Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile
Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-smile](https://github.com/FasterXML/jackson-dataformats-binary) from 2.17.2 to 2.18.0.
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.17.2...jackson-dataformats-binary-2.18.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-smile
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
dependabot[bot]
b5e8e5f396
Bump com.google.guava:guava in /.github/workflow-samples/kotlin-dsl
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.3.0-jre to 33.3.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-07 11:24:35 +10:00
bigdaz
7605d180a5
Update known wrapper checksums 2024-10-07 11:24:35 +10:00
daz
d32c4bdc08
Update wrapper to Gradle 8.10.2 2024-10-07 11:24:35 +10:00
bigdaz
0d30c9111c [bot] Update dist directory
Some checks failed
CI-check-and-unit-test / check-format-and-unit-test (push) Has been cancelled
CI-codeql / Analyze (javascript-typescript) (push) Has been cancelled
CI-update-dist / update-dist (push) Has been cancelled
CI-integ-test / build-distribution (push) Has been cancelled
CI-init-script-check / test-init-scripts (push) Has been cancelled
CI-integ-test-full / caching-integ-tests (push) Has been cancelled
CI-integ-test-full / other-integ-tests (push) Has been cancelled
CI-integ-test / caching-integ-tests (push) Has been cancelled
CI-integ-test / other-integ-tests (push) Has been cancelled
2024-09-14 22:01:51 +00:00