Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CI actions due to node.js v12 deprecation #568

Merged
merged 5 commits into from
Dec 7, 2023
Merged

Update CI actions due to node.js v12 deprecation #568

merged 5 commits into from
Dec 7, 2023

Conversation

So-Fras
Copy link
Member

@So-Fras So-Fras commented Nov 21, 2023
edited by rolnico
Loading

Please check if the PR fulfills these requirements

  • The commit message follows our guidelines

Does this PR already have an issue describing the problem?
No but similar to this PR on powsybl-core : powsybl/powsybl-core#2766

What kind of change does this PR introduce?

What is the current behavior?
CI was using setup-java v2 and checkout v2.3.4

What is the new behavior (if this is a feature change)?
CI is now using setup-java v3 and checkout v4

@So-Fras
Update CI actions due to node.js v12 deprecation
dde084c 
Signed-off-by: Sophie Frasnedo <sophie.frasnedo@rte-france.com>
@So-Fras So-Fras requested review from flo-dup and rolnico November 21, 2023 20:39
flo-dup
flo-dup reviewed Dec 4, 2023
View reviewed changes
.github/workflows/maven.yml Outdated
@@ -18,12 +18,12 @@ jobs:

steps:
- name: Checkout sources
uses: actions/checkout@v2.3.4
uses: actions/checkout@v4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you need to put the hash corresponding to the release, as the tag might be changed by an attacker

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can look at powsybl/powsybl-core#2821 for an example

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, thanks for pointing it out. I took more recent version too, following the example in core:

  • 4.1.1 for actions/checkout instead of 4
  • 4.0.0 for actions/setup-java instead of 3

@So-Fras
Bump actions/checkout to 4.1.1 with hash
32dd8c9 
Signed-off-by: Sophie Frasnedo <sophie.frasnedo@rte-france.com>
@So-Fras
Bump actions/setup-java to 4.0.0 with hash
a97a0ab 
Signed-off-by: Sophie Frasnedo <sophie.frasnedo@rte-france.com>
@So-Fras So-Fras requested a review from flo-dup December 5, 2023 20:59
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Dec 6, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@So-Fras So-Fras merged commit f124fe5 into main Dec 7, 2023
6 checks passed
@So-Fras So-Fras deleted the update_github_actions branch December 7, 2023 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rolnico rolnico rolnico approved these changes

@flo-dup flo-dup flo-dup approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@So-Fras @flo-dup @rolnico