diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..55a61b1
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: saschpe
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e025e5b..0d04011 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,6 +1,10 @@
 version: 2
 updates:
- - package-ecosystem: "gradle"
- directory: "/" # Location of package manifests
+ - package-ecosystem: gradle
+ directory: "/"
 schedule:
- interval: "weekly"
+ interval: weekly
+ - package-ecosystem: github-actions
+ directory: ".github/"
+ schedule:
+ interval: weekly
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 991fd49..1028b3d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,5 +1,16 @@
 name: Main CI
-on: [ push ]
+
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - .gitignore
+ - LICENSE
+ - README.md
+ pull_request:
+ branches:
+ - main
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
@@ -12,9 +23,9 @@ jobs:
 spotless:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up JDK 21
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
 with:
 distribution: temurin
 java-version: 21
@@ -24,9 +35,9 @@ jobs:
 build:
 runs-on: macos-14
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up JDK 21
- uses: actions/setup-java@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 distribution: temurin
 java-version: 21
@@ -34,7 +45,7 @@ jobs:
 run: ./gradlew build
 - name: Archive build artifacts
 if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: log4k_build
 path: |
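Review bot: The new `github-actions` entry in `.github/dependabot.yml` sets `directory: ".github/"`, which as far as I know is not where Dependabot looks for workflow files: the documented value for this ecosystem is `/`, which makes it scan `.github/workflows`. With the value as written, the commit SHA pins introduced elsewhere in this commit may never receive update PRs and would quietly go stale. I would change the line to `directory: "/"` and confirm after merging that Dependabot opens a PR against the workflows.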
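Review bot: Adding `pull_request` to `on:` in `.github/workflows/main.yml` makes every job in the file run for pull requests, including the job further down that puts `SONATYPE_GPG_KEY` and `SONATYPE_GPG_KEY_PASSWORD` into its environment and checks out `refs/heads/main`. Whether that job carries an `if:` guard is not visible in this diff. If it does not, add one such as `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` so the signing secrets are only exposed on pushes to main. If the file has no top-level `permissions:` block, adding `permissions:` with `contents: read` at the same time would keep the widened trigger from running with the default token scope.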
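Review bot: In the `build` job of `.github/workflows/main.yml` the `Set up JDK 21` step now points at `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` instead of `actions/setup-java`, so `distribution` and `java-version` are passed to an action that does not define them and this step installs no JDK. The same substitution appears in the later hunk at `@@ -54,12 +65,12 @@`, in the job that holds the Sonatype signing secrets. The `spotless` job shows the intended pin, so both lines should read `uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0`. Because a SHA pin hides the action behind an opaque hash, running a workflow linter in CI would help catch this kind of copy-paste slip.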
@@ -54,12 +65,12 @@ jobs:
 SONATYPE_GPG_KEY: ${{ secrets.SONATYPE_GPG_KEY }}
 SONATYPE_GPG_KEY_PASSWORD: ${{ secrets.SONATYPE_GPG_KEY_PASSWORD }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 ref: refs/heads/main
 fetch-depth: 0
 - name: Set up JDK 21
- uses: actions/setup-java@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 distribution: temurin
 java-version: 21
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 21ee262..f3677e7 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -3,8 +3,8 @@ on:
 # For Branch-Protection check. Only the default branch is supported. See
 # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
 branch_protection_rule:
- # To guarantee Maintained check is occasionally updated. See
- # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ # To guarantee, Maintained check is occasionally updated.
+ # See https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
 schedule:
 - cron: '30 14 * * 6'
 push:
@@ -22,17 +22,17 @@ jobs:
 steps:
 - name: "Checkout code"
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ uses: ossf/scorecard-action@ #
 with:
 results_file: results.sarif
 results_format: sarif
 publish_results: true
 - name: "Upload artifact"
- uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: SARIF file
 path: results.sarif
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index c42d1a4..386b655 100644
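Review bot: The `Run analysis` step in `.github/workflows/scorecard.yml` now reads `uses: ossf/scorecard-action@ #`, with nothing after the `@`, so the step names no ref and the workflow should be rejected as invalid instead of running the scan. It looks as if the SHA and the version comment were dropped while the pins were being regenerated. Restore a full 40-character commit SHA with its tag comment: either the previous `0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1`, or the SHA of the release you intend to move to, in the form `ossf/scorecard-action@<full-commit-sha> # <version>`. Until that is fixed, the scheduled scorecard run and the SARIF upload that follows it will not produce results.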
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -15,22 +15,22 @@ jobs:
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - name: Setup Python 3.10
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Setup Python 3.13
 uses: actions/setup-python@v4
 with:
- python-version: '3.11'
+ python-version: '3.13'
 - name: Run mobsfscan
- uses: MobSF/mobsfscan@0.3.4
+ uses: MobSF/mobsfscan@0.4.5
 with:
 args: . --sarif --output results.sarif || true
 - name: Upload mobsfscan report
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: results.sarif
 gradle-validate:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: gradle/wrapper-validation-action@v1
\ No newline at end of file
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: gradle/actions/wrapper-validation@v4
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 3fe4095..2863bd0 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -6,7 +6,7 @@ compose = "1.7.3"
 gradle-android = "8.7.3"
 jacoco = "0.8.11"
 java = "21"
-kotlin = "2.1.0"
+kotlin = "2.1.10"
 ktlint = "1.3.1"
 log4k-demo = "1.0.0"
 mockk = "1.13.16"
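Review bot: Only `actions/checkout` is pinned to a commit SHA in `.github/workflows/security.yml`; `actions/setup-python@v4`, `MobSF/mobsfscan@0.4.5`, `github/codeql-action/upload-sarif@v3` and `gradle/actions/wrapper-validation@v4` still use tags, which their owners can move. The mobsfscan job runs with `security-events: write`, so a retagged action in that job could change or suppress what reaches code scanning. Pin each one the same way as checkout, for example `uses: MobSF/mobsfscan@<full-commit-sha> # 0.4.5`, taking the SHA from the upstream tag. Separately, the unchanged `|| true` in `args` looks intended to keep the step green when the scan fails, so confirm that a missing or empty `results.sarif` is noticed at the upload step.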