You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by vy...@apache.org on 2023/12/22 09:44:31 UTC
(logging-log4j2) branch main updated: Switch `logging-parent` refs in CI from hashes to tags
This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/main by this push:
new 6bd656d706 Switch `logging-parent` refs in CI from hashes to tags
6bd656d706 is described below
commit 6bd656d706cdf49857336191268a280e1e161515
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Fri Dec 22 10:44:42 2023 +0100
Switch `logging-parent` refs in CI from hashes to tags
dependabot is not able to update `logging-parent` GHA
workflow references that use hashes[1][2].
Switching to tags is safe, since `rel/`-prefixed tags are
protected by INFRA.
[1] dependabot/dependabot-core#8654
[2] dependabot/dependabot-core#6269
---
.github/workflows/build.yaml | 6 +++---
.github/workflows/codeql-analysis.yaml | 2 +-
.github/workflows/merge-dependabot.yaml | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index f014bb09df..b427102aae 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -38,7 +38,7 @@ jobs:
build:
if: github.actor != 'dependabot[bot]'
- uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
with:
java-version: 17
site-enabled: true
@@ -46,7 +46,7 @@ jobs:
deploy-snapshot:
needs: build
if: github.repository == 'apache/logging-log4j2' && github.ref_name == 'main'
- uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/deploy-snapshot-reusable.yaml@rel/10.5.0
# Secrets for deployments
secrets:
NEXUS_USER: ${{ secrets.NEXUS_USER }}
@@ -57,7 +57,7 @@ jobs:
deploy-release:
needs: build
if: github.repository == 'apache/logging-log4j2' && startsWith(github.ref_name, 'release/')
- uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/deploy-release-reusable.yaml@rel/10.5.0
# Secrets for deployments
secrets:
GPG_SECRET_KEY: ${{ secrets.LOGGING_GPG_SECRET_KEY }}
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 17f7726128..d14fd7c797 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -30,7 +30,7 @@ permissions: read-all
jobs:
analyze:
- uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/10.5.0
with:
java-version: 17
# Permissions required to publish Security Alerts
diff --git a/.github/workflows/merge-dependabot.yaml b/.github/workflows/merge-dependabot.yaml
index 20c795681e..0e6d2a13ea 100644
--- a/.github/workflows/merge-dependabot.yaml
+++ b/.github/workflows/merge-dependabot.yaml
@@ -30,13 +30,13 @@ jobs:
build:
if: github.repository == 'apache/logging-log4j2' && github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]'
- uses: apache/logging-parent/.github/workflows/build-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/build-reusable.yaml@rel/10.5.0
with:
java-version: 17
merge-dependabot:
needs: build
- uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@e45457c683302242be5e8e7c3c33edf8f0e0ec0e # 10.4.0
+ uses: apache/logging-parent/.github/workflows/merge-dependabot-reusable.yaml@rel/10.5.0
with:
java-version: 17
permissions: