54a0d4f8de
Bump step-security/harden-runner from 2.5.0 to 2.5.1 ( #3168 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](cba0d00b1f
2 years ago
45e7e7d5d7
Bump github/codeql-action from 2.21.1 to 2.21.3 ( #3164 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.1 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](6ca1aa8c19
2 years ago
af279539b2
Bump actions/dependency-review-action from 2.5.1 to 3.0.7 ( #3169 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84
2 years ago
b5cb76adc8
Revert "Bump ossf/scorecard-action from 2.0.6 to 2.2.0 ( #3130 )" ( #3137 )
This reverts commit 579e50f3db
2 years ago
ca47eaf1ff
Bump step-security/harden-runner from 2.2.1 to 2.5.0 ( #3132 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.2.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1f99358870
2 years ago
579e50f3db
Bump ossf/scorecard-action from 2.0.6 to 2.2.0 ( #3130 )
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0
2 years ago
1852d77ffc
Bump actions/setup-java from 2.5.1 to 3.12.0 ( #3133 )
Bumps [actions/setup-java](https://github.com/actions/setup-java ) from 2.5.1 to 3.12.0.
- [Release notes](https://github.com/actions/setup-java/releases )
- [Commits](91d3aa4956
2 years ago
4693d8550d
Bump github/codeql-action from 2.2.9 to 2.21.1 ( #3136 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6
2 years ago
02559a8541
[StepSecurity] Apply security best practices ( #2913 )
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* Update codeql.yml
* Update codeql.yml
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: penmetsaa <penmetsaa@google.com>
3 years ago
83045b03bf
Remove old ci/cd configs ( #2691 )
4 years ago
55fa7ba823
Update event list for workflow triggering. ( #2665 )
- When configured "pull_request[type: opened] + push", workflow not getting triggered when there is a change in PR code/commits when the branch is from the parent's forked repo.
- Configured only pull_request event as any change can only go through PR.
- pull_request event by default happens when opened, synchronize (means whenever there is change/commit, sync happens), and reopened. So this should be good enough for our use cases.
More details in [approach doc](https://docs.google.com/document/d/1YNYUAlEUXTi4UZG5gEFZGQ7oe7LxNKh7FYSg2qtIUvI/edit#heading=h.1c7qt5y1jb9 )
4 years ago
c930db20e1
Configure CI flow in Github Actions ( #2664 )
Our objective is to (replicating the previous setup):
- Do Maven test of LPN tool modules common, data and java-build through a Maven profile.
- Also build and test run ant target “junit” that unit tests the java LPN api jar after being built.
- Check whether LPN’s JS API/files are in ascii format/not.
- More details are mentioned in [approach doc](https://docs.google.com/document/d/1YNYUAlEUXTi4UZG5gEFZGQ7oe7LxNKh7FYSg2qtIUvI/edit )
4 years ago
dependabot[bot]
mandlil
StepSecurity Bot
penmetsaa