You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@maven.apache.org by sj...@apache.org on 2022/11/12 17:03:34 UTC

[maven] branch gh-actions-update created (now e8e1a34a8)

This is an automated email from the ASF dual-hosted git repository.

sjaranowski pushed a change to branch gh-actions-update
in repository https://gitbox.apache.org/repos/asf/maven.git


      at e8e1a34a8 Update actions in GH build

This branch includes the following new commits:

     new e8e1a34a8 Update actions in GH build

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[maven] 01/01: Update actions in GH build

Posted by sj...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

sjaranowski pushed a commit to branch gh-actions-update
in repository https://gitbox.apache.org/repos/asf/maven.git

commit e8e1a34a8c7299aee7bf4cf5fce26bc2b36b678c
Author: Slawomir Jaranowski <s....@gmail.com>
AuthorDate: Sat Nov 12 18:03:02 2022 +0100

    Update actions in GH build
    
    Old actions use deprecated node 12
    
    - cache v2 -> v3
    - checkout v2 -> v3
    - download-artifact v2 -> v3
    - setup-java v2 -> v3
    - disable access to GITHUB_TOKEN
    - don't store credentials with checkout
    - don't execute build for PR from local repository branches - we have build on push event
---
 .github/workflows/maven.yml              | 26 +++++++++++++++++++-------
 .github/workflows/maven_build_itself.yml | 14 ++++++++++++--
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 3b82ac148..f9b093809 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -19,8 +19,15 @@ name: Java CI
 
 on: [push, pull_request]
 
+# clare all permissions for GITHUB_TOKEN
+permissions: {}
+
 jobs:
   build:
+
+    # execute on any push or pull request from forked repo
+    if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )
+
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macOS-latest]
@@ -29,8 +36,11 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v2
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-java@v3
         with:
           java-version: 8
           distribution: 'temurin'
@@ -40,7 +50,7 @@ jobs:
         run: mvn verify -e -B -V -DdistributionFileName=apache-maven
 
       - name: Upload built Maven
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: ${{ matrix.os == 'ubuntu-latest' }}
         with:
           name: built-maven
@@ -89,14 +99,16 @@ jobs:
           echo "REPO_USER=$target_user" >> $GITHUB_ENV
 
       - name: Checkout maven-integration-testing
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           repository: ${{ env.REPO_USER }}/maven-integration-testing
           path: maven-integration-testing/
           ref: ${{ env.REPO_BRANCH }}
+          persist-credentials: false
+
 
       - name: Set up cache for ~/.m2/repository
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.m2/repository
           key: it-m2-repo-${{ matrix.os }}-${{ hashFiles('maven-integration-testing/**/pom.xml') }}
@@ -104,13 +116,13 @@ jobs:
             it-m2-repo-${{ matrix.os }}-
 
       - name: Download built Maven
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           name: built-maven
           path: built-maven/
 
       - name: Set up JDK
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           java-version: ${{ matrix.java }}
           distribution: 'temurin'
diff --git a/.github/workflows/maven_build_itself.yml b/.github/workflows/maven_build_itself.yml
index 348f260d1..2f6e828b3 100644
--- a/.github/workflows/maven_build_itself.yml
+++ b/.github/workflows/maven_build_itself.yml
@@ -19,8 +19,15 @@ name: Can Maven build itself
 
 on: [push, pull_request]
 
+# clare all permissions for GITHUB_TOKEN
+permissions: {}
+
 jobs:
   build:
+
+    # execute on any push or pull request from forked repo
+    if: github.event_name == 'push' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork )
+
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest]
@@ -30,8 +37,11 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v2
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-java@v3
         with:
           java-version: ${{ matrix.java }}
           distribution: 'temurin'