From e18412be1e86b265dbbefd39aed96f1c6db06475 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 29 Jun 2025 04:51:04 +0000 Subject: [PATCH 1/4] build(deps): bump the prod-github-actions group with 2 updates Bumps the prod-github-actions group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [gradle/actions](https://github.com/gradle/actions). Updates `github/codeql-action` from 3.28.17 to 3.28.18 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.17...v3.28.18) Updates `gradle/actions` from 4.3.1 to 4.4.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/06832c7b30a0129d7fb559bcc6e43d26f6374244...8379f6a1328ee0e06e2bb424dadb7b159856a326) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-github-actions - dependency-name: gradle/actions dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/detekt.yml | 4 ++-- .github/workflows/lint.yml | 8 ++++---- .github/workflows/mobsf.yml | 2 +- .github/workflows/prerelease-publish-local.yml | 2 +- .github/workflows/release-publish-ossrh.yml | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a443547..418cba9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -60,7 +60,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.17 + uses: github/codeql-action/init@v3.29.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.17 + uses: github/codeql-action/autobuild@v3.29.1 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -87,6 +87,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.17 + uses: github/codeql-action/analyze@v3.29.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index 853cc32..618b067 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml @@ -65,7 +65,7 @@ jobs: # Sets up Gradle as a prerequisite to run Detekt - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 with: gradle-home-cache-cleanup: true @@ -75,7 +75,7 @@ jobs: # Uploads Sarif Report to GitHub - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v3.28.17 + uses: github/codeql-action/upload-sarif@v3.29.1 if: success() || failure() with: sarif_file: build/reports/detekt/merge.sarif.json diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 22acb9b..9049183 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
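Review bot: The `github/codeql-action` steps (init, autobuild, analyze here, and upload-sarif in detekt.yml, lint.yml and mobsf.yml) are still pinned to a movable tag, `@v3.29.1`, whereas `gradle/actions/setup-gradle` in the same patch is pinned to a full commit SHA with the version as a trailing comment. A tag can be re-pointed upstream, so the tag-pinned steps do not get the immutability the SHA-pinned ones have. Using the same form for both, e.g. `uses: github/codeql-action/init@<full-commit-sha-of-v3.29.1> # v3.29.1` (placeholder, to be resolved from the upstream release), would make the pinning consistent. The commit message also announces 3.28.18 and 4.4.0 while the hunks move to v3.29.1 and v4.4.1, so the description should be brought in line with what is actually pinned.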
@@ -59,7 +59,7 @@ jobs: # Sets up Gradle as a prerequisite to run Android Lint - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 with: gradle-home-cache-cleanup: true @@ -69,7 +69,7 @@ jobs: # Uploads Sarif Report for the library to GitHub - name: Upload kotlin library report - uses: github/codeql-action/upload-sarif@v3.28.17 + uses: github/codeql-action/upload-sarif@v3.29.1 if: success() || failure() with: sarif_file: library/build/reports/lint-results-debug.sarif @@ -116,7 +116,7 @@ jobs: # Sets up Gradle as a prerequisite to run Android Lint - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 with: gradle-home-cache-cleanup: true @@ -126,7 +126,7 @@ jobs: # Uploads Sarif Report for the app to GitHub - name: Upload kotlin app report - uses: github/codeql-action/upload-sarif@v3.28.17 + uses: github/codeql-action/upload-sarif@v3.29.1 if: success() || failure() with: sarif_file: app/build/reports/lint-results-debug.sarif diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml index 27962f2..8e82659 100644 --- a/.github/workflows/mobsf.yml +++ b/.github/workflows/mobsf.yml @@ -53,7 +53,7 @@ jobs: # Uploads Sarif Report to GitHub - name: Upload mobsfscan report - uses: github/codeql-action/upload-sarif@v3.28.17 + uses: github/codeql-action/upload-sarif@v3.29.1 if: success() || failure() with: sarif_file: mobsf.sarif.json diff --git a/.github/workflows/prerelease-publish-local.yml b/.github/workflows/prerelease-publish-local.yml index ebd2577..14ed069 100644 --- a/.github/workflows/prerelease-publish-local.yml +++ b/.github/workflows/prerelease-publish-local.yml 
@@ -54,7 +54,7 @@ jobs: # Sets up Gradle as a prerequisite to run Maven Pre-Release - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 with: gradle-home-cache-cleanup: true diff --git a/.github/workflows/release-publish-ossrh.yml b/.github/workflows/release-publish-ossrh.yml index 473d431..d3a1f0a 100644 --- a/.github/workflows/release-publish-ossrh.yml +++ b/.github/workflows/release-publish-ossrh.yml @@ -69,7 +69,7 @@ jobs: # Sets up Gradle as a prerequisite to run Maven Release - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 with: gradle-home-cache-cleanup: true From 73eb796939151bf567f3533c4007a59f7229113a Mon Sep 17 00:00:00 2001 From: Aaron-Ritter Date: Sun, 29 Jun 2025 07:26:24 +0200 Subject: [PATCH 2/4] ci: add push-main-trigger to advanced security workflows - the github advanced security template suggests the push main branch trigger --- .github/workflows/codeql.yml | 2 ++ .github/workflows/detekt.yml | 2 ++ .github/workflows/lint.yml | 2 ++ .github/workflows/mobsf.yml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 418cba9..4c180e7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -12,6 +12,8 @@ name: Vulnerability Scan with CodeQL on: + push: + branches: [ "main" ] pull_request: branches: [ "main" ] schedule: diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index 618b067..954b82c 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml @@ -18,6 +18,8 @@ name: Vulnerability Scan with Detekt on: + push: + branches: [ "main" ] pull_request: branches: [ "main" ] schedule: 
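Review bot: The new `push` trigger for `main` in codeql.yml is added without a comment saying why the scan also runs after a merge, and the same goes for the identical additions in detekt.yml, lint.yml and mobsf.yml. A line above it such as `# Re-scan main on every push so default-branch code-scanning results stay current` would record the intent, in the style of the comment lint.yml already has on its manual-run trigger. The `on:` blocks begin and end outside these hunks and no `permissions:` block is visible here. Runs triggered by a push to main are not subject to the read-only token that fork pull requests get, so it is worth confirming each workflow restricts the token to what the SARIF upload needs (for example `security-events: write` with `contents: read`).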
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9049183..f42a2e9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,6 +14,8 @@ name: Check Code Quality with Android Lint on: + push: + branches: [ "main" ] pull_request: branches: [ "main" ] # Allows you to run this workflow manually from the Actions tab diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml index 8e82659..684bde9 100644 --- a/.github/workflows/mobsf.yml +++ b/.github/workflows/mobsf.yml @@ -6,6 +6,8 @@ name: Vulnerability Scan with MobSF on: + push: + branches: [ "main" ] pull_request: branches: [ "main" ] schedule: From 2be3ce61e57e8658f8223ec9995ab4e179bc45e0 Mon Sep 17 00:00:00 2001 From: Aaron-Ritter Date: Sun, 29 Jun 2025 07:45:12 +0200 Subject: [PATCH 3/4] ci: remove gradle-home-cache-cleanup - Solves https://github.com/FusionAuth/fusionauth-android-sdk/issues/210 - If you are using gradle-home-cache-cleanup: true in your workflow, you can remove this option as this is now enabled by default. https://github.com/gradle/actions/blob/main/docs/deprecation-upgrade-guide.md#the-gradle-home-cache-cleanup-input-parameter-has-been-replaced-by-cache-cleanup --- .github/workflows/detekt.yml | 2 -- .github/workflows/lint.yml | 6 +----- .github/workflows/prerelease-publish-local.yml | 2 -- .github/workflows/release-publish-ossrh.yml | 2 -- 4 files changed, 1 insertion(+), 11 deletions(-) diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index 954b82c..1cca925 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml @@ -68,8 +68,6 @@ jobs: # Sets up Gradle as a prerequisite to run Detekt - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - with: - gradle-home-cache-cleanup: true # Performs analysis using Detekt via Gradle and outputs a Sarif Report - name: Run Detekt 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f42a2e9..89793e4 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -62,9 +62,7 @@ jobs: # Sets up Gradle as a prerequisite to run Android Lint - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - with: - gradle-home-cache-cleanup: true - + # Performs analysis using Android Lint via Gradle and outputs a Sarif Report - name: Run Android Lint run: ./gradlew lint --continue @@ -119,8 +117,6 @@ jobs: # Sets up Gradle as a prerequisite to run Android Lint - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - with: - gradle-home-cache-cleanup: true # Performs analysis using Android Lint via Gradle and outputs a Sarif Report - name: Run Android Lint diff --git a/.github/workflows/prerelease-publish-local.yml b/.github/workflows/prerelease-publish-local.yml index 14ed069..1ca2785 100644 --- a/.github/workflows/prerelease-publish-local.yml +++ b/.github/workflows/prerelease-publish-local.yml @@ -55,8 +55,6 @@ jobs: # Sets up Gradle as a prerequisite to run Maven Pre-Release - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - with: - gradle-home-cache-cleanup: true # Performs a Local Maven Pre-Release - name: Run Maven Local Pre-Release diff --git a/.github/workflows/release-publish-ossrh.yml b/.github/workflows/release-publish-ossrh.yml index d3a1f0a..fb277a4 100644 --- a/.github/workflows/release-publish-ossrh.yml +++ b/.github/workflows/release-publish-ossrh.yml @@ -70,8 +70,6 @@ jobs: # Sets up Gradle as a prerequisite to run Maven Release - name: Setup Gradle uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 - with: - gradle-home-cache-cleanup: true # Performs a Local Maven Release - name: Run Maven Local Release 
From d260ee789324e7981fc1a818aaac103ae73b2732 Mon Sep 17 00:00:00 2001 From: Aaron-Ritter Date: Tue, 1 Jul 2025 00:59:47 +0200 Subject: [PATCH 4/4] refactor: reformat workflow --- .github/workflows/release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8bd9e01..aa56314 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,8 +3,7 @@ name: Release on: # Triggers the workflow on push events but only for default and protected branches push: - branches: - - main + branches: [ "main" ] # The different jobs of this workflow need the following permissions permissions: