- Uses pull_request_target to make sure action definitions only come from main or release-*. This also allows them to escalate privs.
- All priv escalations moved as narrowly as possible. Typically this is only required to upload test results.
- All actions pinned to specific SHA versions. When updated, repository settings will need to be adjusted to allow it.
---------
Signed-off-by: Justin Florentine <justin+github@florentine.us>
* no need to run codeql on merge group
* no need to run repolinter on merge group
* no need to run checks and gradle-wrapper on merge group
Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com>
---------
Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com>
Update following sections:
Gradle build, CircleCI, GitHub Actions, Docker
The devp2p TLS mutual authentication unit tests dealing with PKCS11+nss and QBFT+PKCS11+nss ATs were failing on Java 17 when dealing with RSA keys. The unit tests and AT are updated to use EC keys instead. The keystores, truststores, CRL etc. involved in those ATs are regenerated and detailed instructions are provided on how they are created.
Signed-off-by: Usman Saleem <usman@usmans.info>