
Commit b6073ec

authored
CI: Update GitHub workflows (prebid#4351)
1 parent 39b8abe commit b6073ec

12 files changed

Lines changed: 117 additions & 107 deletions

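--- a/.github/workflows/code-path-changes.yml
+++ b/.github/workflows/code-path-changes.yml
@@ -2,10 +2,13 @@ name: Notify Code Path Changes
 
 on:
 pull_request_target:
-types: [opened, synchronize]
+types: [ opened, synchronize ]
 paths:
 - '**'
 
+permissions:
+contents: read
+
 env:
 OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }}
 OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }}
@@ -14,18 +17,15 @@ env:
 GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-permissions:
-contents: read
-
 jobs:
 notify:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Code
-uses: actions/checkout@v3
+uses: actions/checkout@v5
 
 - name: Set up Node.js
-uses: actions/setup-node@v3
+uses: actions/setup-node@v6
 with:
 node-version: '18'
 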
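Review bot: The bumped `actions/checkout@v5` and `actions/setup-node@v6` are still referenced by mutable tag in a `pull_request_target` workflow whose workflow-level `env` exposes `OAUTH2_CLIENT_SECRET` and the other secrets to every step. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v5`, keeps a retagged release from running with those secrets. The same applies to the third-party actions bumped elsewhere in this commit, most of all `tibdex/github-app-token@v2.1.0` in cross-repo-issue.yml, which receives `XREPO_PEM`, and the `docker/*` actions in docker-image-publish.yml, which run with `packages: write`. The job body continues outside the hunk, so whether the checkout overrides `ref` cannot be judged from here.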

Lines changed: 47 additions & 35 deletions
@@ -1,48 +1,60 @@
1-
name: "CodeQL"
1+
name: CodeQL
22

33
on:
4-
push:
5-
branches: [ "master" ]
64
pull_request:
7-
branches: [ "master" ]
5+
branches: [ 'master' ]
6+
schedule:
7+
- cron: '0 3 * * 1'
8+
9+
permissions:
10+
security-events: write
11+
packages: read
12+
actions: read
13+
contents: read
814

915
jobs:
1016
analyze:
11-
name: Analyze
17+
name: Analyze (${{ matrix.language }})
1218
runs-on: ubuntu-latest
1319

1420
strategy:
1521
fail-fast: false
1622
matrix:
17-
language: [ 'java' ]
23+
include:
24+
- language: actions
25+
build-mode: none
26+
- language: java-kotlin
27+
build-mode: manual
1828

1929
steps:
20-
- name: Checkout repository
21-
uses: actions/checkout@v4
22-
23-
- name: Set up JDK
24-
uses: actions/setup-java@v3
25-
with:
26-
distribution: 'temurin'
27-
java-version: 21
28-
29-
- name: Cache Maven packages
30-
uses: actions/cache@v3
31-
with:
32-
path: ~/.m2/repository
33-
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
34-
restore-keys: |
35-
${{ runner.os }}-maven-
36-
37-
- name: Initialize CodeQL
38-
uses: github/codeql-action/init@v1
39-
with:
40-
languages: ${{ matrix.language }}
41-
42-
- name: Build with Maven
43-
run: mvn -B package --file extra/pom.xml
44-
45-
- name: Perform CodeQL Analysis
46-
uses: github/codeql-action/analyze@v1
47-
with:
48-
category: "/language:${{ matrix.language }}"
30+
- name: Checkout repository
31+
uses: actions/checkout@v5
32+
33+
- name: Set up JDK
34+
uses: actions/setup-java@v5
35+
with:
36+
distribution: 'temurin'
37+
java-version: 21
38+
39+
- name: Cache Maven packages
40+
uses: actions/cache@v5
41+
with:
42+
path: ~/.m2/repository
43+
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
44+
restore-keys: |
45+
${{ runner.os }}-maven-
46+
47+
- name: Initialize CodeQL
48+
uses: github/codeql-action/init@v4
49+
with:
50+
languages: ${{ matrix.language }}
51+
build-mode: ${{ matrix.build-mode }}
52+
53+
- name: Build with Maven
54+
if: matrix.build-mode == 'manual'
55+
run: mvn -B package --file extra/pom.xml
56+
57+
- name: Perform CodeQL Analysis
58+
uses: github/codeql-action/analyze@v4
59+
with:
60+
category: '/language:${{ matrix.language }}'
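Review bot: Dropping the `push` trigger for `master` leaves the default-branch analysis to the weekly `cron: '0 3 * * 1'` run, so code merged during the week is not scanned on master until the next Monday and pull-request results are compared against a baseline that may be several days old. Keeping `push:` with `branches: [ 'master' ]` next to `pull_request` and `schedule` would refresh that baseline on every merge. Separately, `security-events: write` is now granted to the whole workflow; with the single `analyze` job that is equivalent today, but declaring it under the job would keep later jobs from inheriting it. The `Set up JDK` and `Cache Maven packages` steps also run for the `actions` matrix entry, where `build-mode: none` does not need them; the same `if: matrix.build-mode == 'manual'` used on `Build with Maven` would skip them.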

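--- a/.github/workflows/cross-repo-issue.yml
+++ b/.github/workflows/cross-repo-issue.yml
@@ -2,17 +2,20 @@ name: Cross-repo Issue Creation
 
 on:
 pull_request_target:
-types: [closed]
+types: [ closed ]
 branches:
-- "master"
+- 'master'
+
+permissions:
+contents: read
 
 jobs:
 cross-repo:
 runs-on: ubuntu-latest
 steps:
 - name: Generate token
 id: generate_token
-uses: tibdex/github-app-token@v1
+uses: tibdex/github-app-token@v2.1.0
 with:
 app_id: ${{ secrets.XREPO_APP_ID }}
 private_key: ${{ secrets.XREPO_PEM }}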

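--- a/.github/workflows/docker-image-publish.yml
+++ b/.github/workflows/docker-image-publish.yml
@@ -5,6 +5,10 @@ on:
 tags:
 - '*'
 
+permissions:
+contents: read
+packages: write
+
 env:
 REGISTRY: ghcr.io
 IMAGE_NAME: ${{ github.repository }}
@@ -13,13 +17,10 @@ jobs:
 build:
 name: Publish Docker image for new tag/release
 runs-on: ubuntu-latest
-permissions:
-contents: read
-packages: write
 strategy:
 matrix:
 java: [ 21 ]
-dockerfile-path: [Dockerfile, Dockerfile-modules]
+dockerfile-path: [ Dockerfile, Dockerfile-modules ]
 include:
 - dockerfile-path: Dockerfile
 build-cmd: mvn clean package -Dcheckstyle.skip -Dmaven.test.skip=true
@@ -30,10 +31,10 @@ jobs:
 package-name: ghcr.io/${{ github.repository }}-bundle
 steps:
 - name: Check out Repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Set up JDK
-uses: actions/setup-java@v3
+uses: actions/setup-java@v5
 with:
 distribution: 'temurin'
 cache: 'maven'
@@ -56,13 +57,13 @@ jobs:
 images: ${{ matrix.package-name }}
 
 - name: Set up QEMU
-uses: docker/setup-qemu-action@v2
+uses: docker/setup-qemu-action@v3
 
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v2
+uses: docker/setup-buildx-action@v3
 
 - name: Build and push Docker image
-uses: docker/build-push-action@v5
+uses: docker/build-push-action@v6
 with:
 context: .
 file: ${{ matrix.dockerfile-path }}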
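Review bot: Moving `packages: write` from the `build` job to the workflow level makes it the default for every job in this file, including any added later. release-drafter.yml in this same commit uses the narrower layout, a workflow-level `contents: read` with the write scope declared on the job; doing the same here would mean keeping only `contents: read` in the top-level `permissions:` and leaving `packages: write` under `build`. The rest of the job lies outside these hunks, so this assumes `build` is the only job that pushes to `ghcr.io`.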

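--- a/.github/workflows/issue_prioritization.yml
+++ b/.github/workflows/issue_prioritization.yml
@@ -1,9 +1,11 @@
 name: Issue tracking
+
 on:
 issues:
 types:
 - opened
 - pinned
+
 jobs:
 track_issue:
 runs-on: ubuntu-latest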

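--- a/.github/workflows/pr-functional-tests.yml
+++ b/.github/workflows/pr-functional-tests.yml
@@ -11,6 +11,11 @@ on:
 types:
 - created
 
+permissions:
+contents: read
+actions: read
+checks: write
+
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -20,10 +25,10 @@ jobs:
 java: [ 21 ]
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@v5
 
 - name: Set up JDK
-uses: actions/setup-java@v3
+uses: actions/setup-java@v5
 with:
 distribution: 'temurin'
 cache: 'maven'
@@ -42,7 +47,7 @@ jobs:
 
 - name: Emitting run result of functional test
 if: always()
-uses: dorny/test-reporter@v2.1.1
+uses: dorny/test-reporter@v2.5.0
 with:
 name: 'Functional tests'
 working-directory: 'target/failsafe-reports'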
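Review bot: The new `checks: write` is what `dorny/test-reporter@v2.5.0` needs to publish its check run, but for pull requests opened from forks GitHub issues a read-only `GITHUB_TOKEN` regardless of this block, so the reporter step with `if: always()` can fail there. The triggers sit above the hunk, so whether fork pull requests reach this job is not visible; if they do, the usual arrangement is to upload the reports as an artifact and run the reporter from a separate `workflow_run` workflow. A short comment above the block, e.g. `# checks: write is for dorny/test-reporter`, would also record why the scope is there. pr-module-functional-tests.yml receives the same block and the same reporter bump.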

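--- a/.github/workflows/pr-java-ci.yml
+++ b/.github/workflows/pr-java-ci.yml
@@ -11,6 +11,11 @@ on:
 types:
 - created
 
+permissions:
+contents: read
+actions: read
+checks: write
+
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -20,10 +25,10 @@ jobs:
 java: [ 21 ]
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@v5
 
 - name: Set up JDK
-uses: actions/setup-java@v4
+uses: actions/setup-java@v5
 with:
 distribution: 'temurin'
 cache: 'maven'
@@ -32,12 +37,3 @@ jobs:
 
 - name: Build with Maven
 run: mvn -B package --file extra/pom.xml
-
-- name: Publish JUnit Report
-uses: mikepenz/action-junit-report@v5
-if: always()
-with:
-check_name: 'JUnit Test Report'
-report_paths: '**/target/surefire-reports/TEST-*.xml'
-fail_on_failure: true
-annotate_only: true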
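Review bot: `checks: write` is added here while the only step that published a check, `mikepenz/action-junit-report@v5`, is removed in the last hunk, and the steps that remain visible (checkout, setup-java, `mvn -B package`) only need to read the repository. Unless a step outside these hunks writes checks, the block can shrink to `permissions:` with `contents: read` alone. Removing the report step also means Surefire failures are no longer annotated on the pull request, which may be intended but is not mentioned in the commit title.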

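--- a/.github/workflows/pr-module-functional-tests.yml
+++ b/.github/workflows/pr-module-functional-tests.yml
@@ -11,6 +11,11 @@ on:
 types:
 - created
 
+permissions:
+contents: read
+actions: read
+checks: write
+
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -20,10 +25,10 @@ jobs:
 java: [ 21 ]
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@v5
 
 - name: Set up JDK
-uses: actions/setup-java@v3
+uses: actions/setup-java@v5
 with:
 distribution: 'temurin'
 cache: 'maven'
@@ -46,7 +51,7 @@ jobs:
 
 - name: Emitting run result of functional test
 if: always()
-uses: dorny/test-reporter@v2.1.1
+uses: dorny/test-reporter@v2.5.0
 with:
 name: 'Module functional tests'
 working-directory: 'target/failsafe-reports'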

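--- a/.github/workflows/release-asset-publish.yml
+++ b/.github/workflows/release-asset-publish.yml
@@ -2,7 +2,7 @@ name: Publish release .jar
 
 on:
 workflow_run:
-workflows: [Publish release]
+workflows: [ Publish release ]
 types:
 - completed
 
@@ -14,9 +14,9 @@ jobs:
 matrix:
 java: [ 21 ]
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@v5
 - name: Set up JDK
-uses: actions/setup-java@v3
+uses: actions/setup-java@v5
 with:
 distribution: 'temurin'
 cache: 'maven'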

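--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -5,17 +5,22 @@ on:
 tags:
 - '*'
 
+permissions:
+contents: read
+
 jobs:
 update_release_draft:
 name: Publish release with notes
+permissions:
+contents: write
 runs-on: ubuntu-latest
 steps:
 - name: Create and publish release
-uses: release-drafter/release-drafter@v5
+uses: release-drafter/release-drafter@v6
 with:
 config-name: release-drafter-config.yml
 publish: true
-name: "v${{ github.ref_name }}"
+name: 'v${{ github.ref_name }}'
 tag: ${{ github.ref_name }}
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}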
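Review bot: With the workflow default now `contents: read`, the job-level block grants only `contents: write`, so every other scope, including `pull-requests`, is `none` for the release-drafter step. release-drafter reads merged pull requests to build the notes, and its documented permission example lists `pull-requests: read` as the minimum next to `contents: write`; adding `pull-requests: read` under the job would match it. It is worth confirming on a test tag that the generated notes are still populated after this change.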
