Repository follow standard to use git hash to pin the GitHub actions. Updated the container security scan workflow actions with their git hashes
Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
Container security scanning workflow added. This runs on schedule everyday. Also possible to run on-demand for a given image tag
Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com>
Co-authored-by: Justin Florentine <justin+github@florentine.us>
* build: Update jacoco version to 0.8.11
* build: Enforce Java 21 and above check for build
* CI: Use Java 21 in Github CI workflows
* CI: Use Java 21 in circleci workflows
* build: Update gradle verification metadata for jacoco 0.8.11
* refactor: Fix javadoc related warnings which are applicable to Java 21
* fix(test): BackwardSyncAlgSpec slightly increase timeout to pass it in CI
---------
Signed-off-by: Usman Saleem <usman@usmans.info>
DCO App not working and needed to be disabled the check.
Introducing DCO GitHub action workflow to validate the commit signatures.
Closes#7175
Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
Signed-off-by: Ry Jones <ry@linux.com>
Now that the arm64 runners are re-created with the ubuntu 22.04 image,
docker and other tools are available.
See #7053 and #7171fixes#7026
Signed-off-by: Sean Young <sean@mess.org>
Co-authored-by: Simon Dudley <simon.dudley@consensys.net>
* Split unit tests by time
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
* Parallelize compile and unit tests since there is not shared cache
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
* fix
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
* Reduce ATs runnes to 10
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
* Apply suggestions from code review
Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com>
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
---------
Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net>
Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com>
Publish to dockerhub on merge to the main branch
Signed-off-by: garyschulte <garyschulte@gmail.com>
Co-authored-by: Simon Dudley <simon.dudley@consensys.net>
* correcting env vars
* removes conditionals which result in skipped tasks being considered success
* spotless fix
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
* resumes publishing jars, but not distros to artifactory
* checkMavenCoordinateCollisions needs a publication with an explicitly set version, does not inherit project.version
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
Co-authored-by: garyschulte <garyschulte@gmail.com>
* pull_req instead of target
* updates template to put description first
* compensate for changes to versioning on interim builds
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com>
* make artifacts more snapshot friendly
* break out new workflows for snapshots, and a develop releease
* removes checking for approval, runs on pr update
* adds concurrency so updated refs cancel prior runs if still running
* explicitly disable caching on gradle setup tasks
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
* repo owner didn't include repo name
* switches back to docker.io
* specify registry and login consistently
* artifacts workflow can be manually executed
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
* wildcard in place of task name in path, in case it gets changed.
* test splitting action is unreliable at these numbers of tests
* pin to new gradle action, increase runners
* found the missing tests, back to parity
* rename to avoid consolidation status collision with workflow name
* fixes javadoc checks at build time
* overrides project version on release, so embeds (startup info) will match release artifacts
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
Co-authored-by: RoboCopsGoneSock <158174948+RoboCopsGoneSock@users.noreply.github.com>
- Uses pull_request_target to make sure action definitions only come from main or release-*. This also allows them to escalate privs.
- All priv escalations moved as narrowly as possible. Typically this is only required to upload test results.
- All actions pinned to specific SHA versions. When updated, repository settings will need to be adjusted to allow it.
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>