File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
12version : 2
23updates :
3- - package-ecosystem : github-actions
4- directory : /
5- schedule :
6- interval : weekly
7- labels :
8- - ' comp: tooling'
9- - ' tag: dependencies'
10- - ' tag: no release notes'
11- commit-message :
12- prefix : ' chore(ci): '
13- groups :
14- gh-actions-packages :
15- patterns :
16- - ' *'
17- cooldown :
18- default-days : 14
19- - package-ecosystem : gradle
20- directory : /
21- schedule :
22- interval : weekly
23- allow :
24- - dependency-name : gradle
25- ignore :
26- - dependency-name : gradle
27- update-types :
28- - version-update:semver-major
29- labels :
30- - ' comp: tooling'
31- - ' tag: dependencies'
32- - ' tag: no release notes'
33- commit-message :
34- prefix : ' chore(build): '
35- cooldown :
36- default-days : 14
4+ - package-ecosystem : github-actions
5+ directory : /
6+ schedule :
7+ interval : weekly
8+ labels :
9+ - ' comp: tooling'
10+ - ' tag: dependencies'
11+ - ' tag: no release notes'
12+ commit-message :
13+ prefix : ' chore(ci): '
14+ groups :
15+ gh-actions-packages :
16+ patterns :
17+ - ' *'
18+ cooldown :
19+ default-days : 2
20+
21+ - package-ecosystem : gradle
22+ directory : /
23+ schedule :
24+ interval : weekly
25+ allow :
26+ - dependency-name : gradle
27+ ignore :
28+ - dependency-name : gradle
29+ update-types :
30+ - version-update:semver-major
31+ labels :
32+ - ' comp: tooling'
33+ - ' tag: dependencies'
34+ - ' tag: no release notes'
35+ commit-message :
36+ prefix : ' chore(build): '
37+ cooldown :
38+ default-days : 2
Original file line number Diff line number Diff line change 2020 with :
2121 submodules : ' recursive'
2222 - name : Cache Gradle dependencies
23- uses : actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
23+ uses : actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
2424 with :
2525 path : |
2626 ~/.gradle/caches
3030 ${{ runner.os }}-gradle-
3131
3232 - name : Initialize CodeQL
33- uses : github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
33+ uses : github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
3434 with :
3535 languages : ' java'
3636 build-mode : ' manual'
4343 ./gradlew clean :dd-java-agent:shadowJar --build-cache --parallel --stacktrace --no-daemon --max-workers=4
4444
4545name : Perform CodeQL Analysis and upload results to GitHub Security tab
46- uses : github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
46+ uses : github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
4747
4848 trivy :
4949 name : Analyze changes with Trivy
6060 submodules : ' recursive'
6161
6262 - name : Cache Gradle dependencies
63- uses : actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
63+ uses : actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
6464 with :
6565 path : |
6666 ~/.gradle/caches
@@ -102,7 +102,7 @@ jobs:
102102 TRIVY_JAVA_DB_REPOSITORY : ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
103103
104104 - name : Upload Trivy scan results to GitHub Security tab
105- uses : github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
105+ uses : github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
106106 if : always()
107107 with :
108108 sarif_file : ' trivy-results.sarif'
Original file line number Diff line number Diff line change 3030 fetch-depth : 0
3131
3232 - name : Cache Gradle dependencies
33- uses : actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
33+ uses : actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
3434 with :
3535 path : |
3636 ~/.gradle/caches
You can’t perform that action at this time.
0 commit comments