Skip to content

Bump step-security/harden-runner from 2.10.2 to 2.10.3 #849

Bump step-security/harden-runner from 2.10.2 to 2.10.3

Bump step-security/harden-runner from 2.10.2 to 2.10.3 #849

Workflow file for this run

name: Java CI
on:
push:
branches:
- develop
- support/4.6
pull_request:
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
permissions:
checks: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.adoptopenjdk.net:443
api.github.com:443
api.snapcraft.io:443
auth.docker.io:443
codecov.io:443
docker.io:443
downloads.gradle-dn.com:443
downloads.gradle.org:443
github.com:443
jcenter.bintray.com:443
objects.githubusercontent.com:443
plugins.gradle.org:443
plugins-artifacts.gradle.org:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
repo.maven.apache.org:443
services.gradle.org:443
uploader.codecov.io:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
lfs: true
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
with:
distribution: 'adopt'
java-version: '17'
cache: 'gradle'
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ github.run_id }}
- uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7
- uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # v1.8.0
- uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4
- run: ./gradlew --no-daemon check publishToMavenLocal
- uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
with:
token: ${{ secrets.CODECOV_TOKEN }}
- id: output_version
run: |
while read line
do
if [ -n "$line" ]
then
version=$line
fi
done < "version.txt"
echo "securityJwtVersion=$version" >>$GITHUB_OUTPUT
outputs:
securityJwtVersion: ${{ steps.output_version.outputs.securityJwtVersion }}
integration-tests:
if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/support/4.6'
strategy:
fail-fast: false
matrix:
springBootVersion:
- 3.0.13
- 3.1.12
- 3.2.12
- 3.3.6
- 3.4.0
runs-on: ubuntu-latest
needs: build
steps:
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.adoptopenjdk.net:443
api.github.com:443
auth.docker.io:443
docker.io:443
downloads.gradle-dn.com:443
downloads.gradle.org:443
github.com:443
jcenter.bintray.com:443
objects.githubusercontent.com:443
plugins.gradle.org:443
plugins-artifacts.gradle.org:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
repo.maven.apache.org:443
repo.spring.io:443
services.gradle.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: 'bratkartoffel/security-jwt-examples'
ref: 'master'
fetch-depth: 1
lfs: true
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-maven-${{ github.run_id }}
- uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
with:
distribution: 'adopt'
java-version: '17'
cache: 'gradle'
- uses: niden/actions-memcached@3b3ecd9d0d035ea92db716dc1540a7dbe9e56349 # v7
- uses: supercharge/redis-github-action@ea9b21c6ecece47bd99595c532e481390ea0f044 # v1.8.0
- uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4
- run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} check
- run: ./gradlew --no-daemon -PspringBootVersion=${{ matrix.springBootVersion }} -PsecurityJwtVersion=${{ needs.build.outputs.securityJwtVersion }} starter-hibernate:dependencies | egrep '(:spring|:security-jwt)' | grep -v -- '->' | sed -e 's/^[+-\\| ]\+//' -e 's/ ([n\*])$//' | sort | uniq