Skip to content

🌱 Bump github/codeql-action from 3.27.5 to 3.28.3 #527

🌱 Bump github/codeql-action from 3.27.5 to 3.28.3

🌱 Bump github/codeql-action from 3.27.5 to 3.28.3 #527

Workflow file for this run

name: ubuntu-workflow
on:
push:
branches:
- master
pull_request:
branches:
- '*'
permissions: # limit the permissions of the GITHUB_TOKEN to reading repository contents
contents: read
jobs:
build:
permissions:
actions: write # for styfle/cancel-workflow-action to cancel/stop running workflows
contents: read # for actions/checkout to fetch code
runs-on: ubuntu-latest
outputs:
build-scan-url: ${{ steps.build.outputs.build-scan-url }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- name: Cancel Previous Runs
uses: styfle/[email protected]
with:
access_token: ${{ github.token }}
- uses: actions/checkout@v4
with:
submodules: true
- uses: gradle/wrapper-validation-action@v3
- uses: actions/cache@v4
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- id: build
name: Gradle clean build
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HEAD_REF: ${{ github.head_ref }}
run: ./gradlew clean build
publish-scan-url:
needs:
- build
permissions:
pull-requests: write # to allow creating or updating a comment
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- name: Get current time
uses: 1466587594/get-current-time@v2
id: current-time
with:
format: "YYYY-MM-DD HH:mm:ss"
utcOffset: "+00:00"
- name: Write Buildscan URL to Summary
env:
TIMESTAMP: ${{ steps.current-time.outputs.formattedTime }}
BUILD_SCAN_URL: ${{ needs.build.outputs.build-scan-url }}
run: |
echo "**Timestamp:** $TIMESTAMP" >> $GITHUB_STEP_SUMMARY
echo "**Buildscan URL for ubuntu-workflow run:**" >> $GITHUB_STEP_SUMMARY
echo "[$GITHUB_RUN_ID](https://github.com/Flank/flank/actions/runs/$GITHUB_RUN_ID)" >> $GITHUB_STEP_SUMMARY
echo "$BUILD_SCAN_URL" >> $GITHUB_STEP_SUMMARY