Bump step-security/harden-runner from 2.10.2 to 2.10.3 #849
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java CI | |
on: | |
push: | |
branches: | |
- develop | |
- support/4.6 | |
pull_request: | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
checks: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.adoptopenjdk.net:443 | |
api.github.com:443 | |
api.snapcraft.io:443 | |
auth.docker.io:443 | |
codecov.io:443 | |
docker.io:443 | |
downloads.gradle-dn.com:443 | |
downloads.gradle.org:443 | |
github.com:443 | |
jcenter.bintray.com:443 | |
objects.githubusercontent.com:443 | |
plugins.gradle.org:443 | |
plugins-artifacts.gradle.org:443 | |
production.cloudflare.docker.com:443 | |
registry-1.docker.io:443 | |
repo.maven.apache.org:443 | |
services.gradle.org:443 | |
uploader.codecov.io:443 | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
lfs: true | |
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
distribution: 'adopt' | |
java-version: '17' | |
cache: 'gradle' | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ github.run_id }} | |
- uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7 | |
- uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # v1.8.0 | |
- uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 | |
- run: ./gradlew --no-daemon check publishToMavenLocal | |
- uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- id: output_version | |
run: | | |
while read line | |
do | |
if [ -n "$line" ] | |
then | |
version=$line | |
fi | |
done < "version.txt" | |
echo "securityJwtVersion=$version" >>$GITHUB_OUTPUT | |
outputs: | |
securityJwtVersion: ${{ steps.output_version.outputs.securityJwtVersion }} | |
integration-tests: | |
if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/support/4.6' | |
strategy: | |
fail-fast: false | |
matrix: | |
springBootVersion: | |
- 3.0.13 | |
- 3.1.12 | |
- 3.2.12 | |
- 3.3.6 | |
- 3.4.0 | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
disable-sudo: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.adoptopenjdk.net:443 | |
api.github.com:443 | |
auth.docker.io:443 | |
docker.io:443 | |
downloads.gradle-dn.com:443 | |
downloads.gradle.org:443 | |
github.com:443 | |
jcenter.bintray.com:443 | |
objects.githubusercontent.com:443 | |
plugins.gradle.org:443 | |
plugins-artifacts.gradle.org:443 | |
production.cloudflare.docker.com:443 | |
registry-1.docker.io:443 | |
repo.maven.apache.org:443 | |
repo.spring.io:443 | |
services.gradle.org:443 | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: 'bratkartoffel/security-jwt-examples' | |
ref: 'master' | |
fetch-depth: 1 | |
lfs: true | |
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ github.run_id }} | |
restore-keys: | | |
${{ runner.os }}-maven-${{ github.run_id }} | |
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 | |
with: | |
distribution: 'adopt' | |
java-version: '17' | |
cache: 'gradle' | |
- uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7 | |
- uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # v1.8.0 | |
- uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 | |
- run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} check | |
- run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} starter-hibernate:dependencies | egrep '(:spring|:security-jwt)' | grep -v -- '->' | sed -e 's/^[+-\\| ]\+//' -e 's/ ([n\*])$//' | sort | uniq |