FusionAuth · Aaron-Ritter · Jun 29, 2025 · Jun 29, 2025 · Jun 29, 2025 · Jun 29, 2025
@@ -12,6 +12,8 @@
 name: Vulnerability Scan with CodeQL
 
 on:
+  push:
+    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
@@ -60,7 +62,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.28.17
+        uses: github/codeql-action/init@v3.29.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -74,7 +76,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.28.17
+        uses: github/codeql-action/autobuild@v3.29.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -87,6 +89,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.28.17
+        uses: github/codeql-action/analyze@v3.29.1
         with:
           category: "/language:${{matrix.language}}"
@@ -18,6 +18,8 @@
 name: Vulnerability Scan with Detekt
 
 on:
+  push:
+    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
@@ -65,17 +67,15 @@ jobs:
 
       # Sets up Gradle as a prerequisite to run Detekt
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
-        with:
-          gradle-home-cache-cleanup: true
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
 
       # Performs analysis using Detekt via Gradle and outputs a Sarif Report
       - name: Run Detekt
         run: ./gradlew detektRelease detektTest detektReportMergeSarif --continue
 
       # Uploads Sarif Report to GitHub
       - name: Upload SARIF to GitHub
-        uses: github/codeql-action/upload-sarif@v3.28.17
+        uses: github/codeql-action/upload-sarif@v3.29.1
         if: success() || failure()
         with:
           sarif_file: build/reports/detekt/merge.sarif.json

@@ -14,6 +14,8 @@
 name: Check Code Quality with Android Lint
 
 on:
+  push:
+    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   # Allows you to run this workflow manually from the Actions tab
@@ -59,17 +61,15 @@ jobs:
 
       # Sets up Gradle as a prerequisite to run Android Lint
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
-        with:
-          gradle-home-cache-cleanup: true
-
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
+
       # Performs analysis using Android Lint via Gradle and outputs a Sarif Report
       - name: Run Android Lint
         run: ./gradlew lint --continue
 
       # Uploads Sarif Report for the library to GitHub
       - name: Upload kotlin library report
-        uses: github/codeql-action/upload-sarif@v3.28.17
+        uses: github/codeql-action/upload-sarif@v3.29.1
         if: success() || failure()
         with:
           sarif_file: library/build/reports/lint-results-debug.sarif
@@ -116,17 +116,15 @@ jobs:
 
       # Sets up Gradle as a prerequisite to run Android Lint
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
-        with:
-          gradle-home-cache-cleanup: true
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
 
       # Performs analysis using Android Lint via Gradle and outputs a Sarif Report
       - name: Run Android Lint
         run: ./gradlew :app:lint --continue
 
       # Uploads Sarif Report for the app to GitHub
       - name: Upload kotlin app report
-        uses: github/codeql-action/upload-sarif@v3.28.17
+        uses: github/codeql-action/upload-sarif@v3.29.1
         if: success() || failure()
         with:
           sarif_file: app/build/reports/lint-results-debug.sarif

@@ -6,6 +6,8 @@
 name: Vulnerability Scan with MobSF
 
 on:
+  push:
+    branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
@@ -53,7 +55,7 @@ jobs:
 
       # Uploads Sarif Report to GitHub
       - name: Upload mobsfscan report
-        uses: github/codeql-action/upload-sarif@v3.28.17
+        uses: github/codeql-action/upload-sarif@v3.29.1
         if: success() || failure()
         with:
           sarif_file: mobsf.sarif.json

@@ -54,9 +54,7 @@ jobs:
 
       # Sets up Gradle as a prerequisite to run Maven Pre-Release
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
-        with:
-          gradle-home-cache-cleanup: true
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
 
       # Performs a Local Maven Pre-Release
       - name: Run Maven Local Pre-Release

@@ -69,9 +69,7 @@ jobs:
 
       # Sets up Gradle as a prerequisite to run Maven Release
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
-        with:
-          gradle-home-cache-cleanup: true
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
 
       # Performs a Local Maven Release
       - name: Run Maven Local Release

@@ -3,8 +3,7 @@ name: Release
 on:
   # Triggers the workflow on push events but only for default and protected branches
   push:
-    branches:
-      - main
+    branches: [ "main" ]
 
 # The different jobs of this workflow need the following permissions
 permissions: