Merge pull request #23 from traveltime-dev/fix/CI-security

Update CI actions, do not persist credentials for checkout action
traveltime-dev · Oct 25, 2024 · a09c1e9 · a09c1e9
2 parents becf974 + 57dae30
commit a09c1e9
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 16 deletions.
diff --git a/.github/workflows/release-from-tag.yml b/.github/workflows/release-from-tag.yml
@@ -12,21 +12,22 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
     - name: Set up JDK 11
-      uses: actions/setup-java@v2
+      uses: actions/setup-java@v4
       with:
         java-version: '11'
         distribution: 'adopt'
         server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
         settings-path: ${{ github.workspace }} # location for the settings.xml file
-
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v3
     - name: Build with Gradle
-      uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
-      with:
-        arguments: -Ptag=${{github.ref_name}} shadowJar
+      run: ./gradlew -Ptag=${{github.ref_name}} shadowJar
 
     - name: GH Release
-      uses: softprops/action-gh-release@v0.1.14
+      uses: softprops/action-gh-release@v2
       with:
         files: "**/build/libs/*.jar"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -17,17 +17,17 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
-
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v4
         with:
           java-version: '11'
           distribution: 'adopt'
           server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
           settings-path: ${{ github.workspace }} # location for the settings.xml file
-
-      - name: Build the plugin
-        uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
-        with:
-          arguments: dockerTest
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+      - name: Test the plugin
+        run: ./gradlew dockerTest
diff --git a/build.gradle b/build.gradle
@@ -18,7 +18,7 @@ configure(subprojects) {
     repositories {
         mavenCentral()
         maven {
-            url "http://maven.restlet.org/"
+            url "http://maven.restlet.talend.com/"
             allowInsecureProtocol = true
         }
     }