Update spring boot to v3.5.12 #4618
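# Analysis workflow: formatting check, workflow lint, CodeQL, OSSF Scorecard
# and dependency submission.
# Every third-party action is pinned to a full commit SHA; the trailing comment
# records the release tag that SHA is expected to correspond to.
name: Analyze

on:
  push:
    tags: [ "v*.*.*" ]
    branches: [ "main" ]
  pull_request:
    branches: [ "**" ]
  merge_group:
  branch_protection_rule:
  schedule:
    # Weekly: Tuesdays at 07:15 (GitHub evaluates cron schedules in UTC).
    - cron: '15 7 * * 2'

# Declare default permissions as read only.
# Jobs that declare their own `permissions:` block replace this default
# entirely: any scope they do not list is `none` for that job.
permissions: read-all

concurrency:
  # Pull-request runs share one group per ref, so a new push cancels the
  # previous run. Every other event falls back to the unique run id and is
  # therefore never cancelled by a later run.
  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.ref || github.run_id }}
  cancel-in-progress: true

jobs:
  # Fails when google-java-format would change any Java file.
  format:
    runs-on: ubuntu-24.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          # `audit` only records outbound connections; nothing is blocked.
          # Enforcing requires `egress-policy: block` plus an
          # `allowed-endpoints` list built from the audit results. The same
          # applies to every job in this workflow.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job talks to the remote, so do not leave the
          # token configured for git.
          persist-credentials: false
      - name: Set up JDK 21
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: 'temurin'
          java-version: 21
      - name: Install google-java-format
        env:
          # The install script is not part of this file; presumably it verifies
          # the download against JAVA_FORMAT_CHECKSUM - confirm. The checksum
          # must be updated together with the version.
          # renovate: datasource=github-release-attachments depName=google/google-java-format
          JAVA_FORMAT_VERSION: v1.35.0
          JAVA_FORMAT_CHECKSUM: bfb7f9ead6cd328389bc2da53860443bc0e805dfd08cc889bfdf43b26cb2a6e8
        run: .github/scripts/install-google-java-format.sh
      - name: Format Java files
        env:
          # Exports the jdk.compiler internals to the unnamed module for the
          # formatter run.
          JAVA_TOOL_OPTIONS: >-
            --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
            --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
            --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
            --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
            --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
        # --set-exit-if-changed makes the step fail when a file was rewritten.
        run: |
          java -jar /tmp/google-java-format.jar --replace --set-exit-if-changed @<(find . -name "*.java")
      - name: Print diffs
        # Show what the formatter changed when the job did not succeed.
        if: failure() || cancelled()
        run: git --no-pager diff

  # Lints the workflow files with actionlint.
  lint:
    runs-on: ubuntu-24.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job talks to the remote, so do not leave the
          # token configured for git.
          persist-credentials: false
      - name: Install Actionlint
        env:
          # Check the actionlint binary against a pinned checksum here, it must be updated accordingly
          # renovate: datasource=github-release-attachments depName=rhysd/actionlint
          ACTIONLINT_VERSION: v1.7.11
          ACTIONLINT_CHECKSUM: 900919a84f2229bac68ca9cd4103ea297abc35e9689ebb842c6e34a3d1b01b0a
        run: .github/scripts/install-actionlint.sh
      - name: Run Actionlint
        run: actionlint

  # Builds the project under CodeQL and uploads the analysis.
  codeql:
    env:
      MAVEN_ARGS: -B -U -T1C -Dfts.retryTimeout=false
      # NOTE(review): declared at job level, so the token is in the environment
      # of every step, including the `make compile` build. Consider moving it to
      # the step that needs it.
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in `settings.xml` generated by actions/setup-java
    permissions:
      # Only this scope is granted; all others are `none` for this job.
      # NOTE(review): if the Maven build reads from GitHub Packages through the
      # generated settings.xml it would need `packages: read` - confirm.
      security-events: write
    runs-on: ubuntu-24.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      # NOTE(review): `persist-credentials: false` would fit here as well once
      # it is confirmed that `make compile` performs no authenticated git
      # operation (the Makefile is not part of this file).
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up JDK 21
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: 'temurin'
          java-version: 21
          cache: 'maven'
      - name: Initialize CodeQL
        uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
        with:
          languages: java
          queries: security-and-quality
      - name: Build
        run: make compile
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0

  # Runs OSSF Scorecard on the default branch and on pull requests.
  ossf-scorecard:
    runs-on: ubuntu-24.04
    if: github.ref_name == github.event.repository.default_branch || github.event_name == 'pull_request'
    permissions:
      # NOTE(review): no step in this job uploads results.sarif to code
      # scanning, so this grant looks unused. Either add the upload step or
      # drop the scope.
      security-events: write
      # Lets the job request an OIDC token, used when results are published.
      id-token: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # The analysis does not push or fetch with the token.
          persist-credentials: false
      - name: Run analysis
        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          # Publish only for runs on the default branch, never for pull requests.
          publish_results: ${{ github.ref_name == github.event.repository.default_branch }}

  # Submits the Maven dependency tree to the repository's dependency graph.
  dependency-review:
    runs-on: ubuntu-24.04
    permissions:
      # Dependency submission writes to the dependency graph, which requires
      # `contents: write`.
      contents: write
      # NOTE(review): no step shown in this job uses this scope - confirm it
      # is still needed.
      pull-requests: write
    env:
      # NOTE(review): job-level env puts a token with `contents: write` in the
      # environment of every step of this job.
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in `settings.xml` generated by actions/setup-java
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up JDK 21
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: 'temurin'
          java-version: 21
          cache: 'maven'
      - name: Submit Dependency Tree
        uses: advanced-security/maven-dependency-submission-action@b275d12641ac2d2108b2cbb7598b154ad2f2cee8 # v5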