diff --git a/.github/macaron/defaults.ini b/.github/macaron/defaults.ini
new file mode 100644
index 0000000..41f0ef9
--- /dev/null
+++ b/.github/macaron/defaults.ini
@@ -0,0 +1,13 @@
+[analysis.checks]
+exclude =
+ mcn_build_as_code_1
+ mcn_build_service_1
+ mcn_find_artifact_pipeline_1
+ mcn_provenance_available_1
+ mcn_provenance_verified_1
+ mcn_provenance_derived_commit_1
+ mcn_provenance_derived_repo_1
+ mcn_provenance_witness_level_one_1
+ mcn_provenance_expectation_1
+ mcn_trusted_builder_level_three_1
+include = *
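Review bot: The `exclude` list switches off every provenance, build-service and trusted-builder check without saying why, so a later reader cannot tell a deliberate scoping decision from a suppressed failure. A short header comment above `[analysis.checks]` would record the intent, for example `# Used only by the check-github-actions policy run; build and provenance checks are out of scope here.` That wording is inferred from the workflow that passes this file as `defaults_path`, so confirm it matches the real reason. If any of these checks were excluded because they currently fail, note that separately so it can be revisited.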
diff --git a/.github/workflows/build-trivy.yaml b/.github/workflows/build-trivy.yaml
index d8d6591..74e6ff6 100644
--- a/.github/workflows/build-trivy.yaml
+++ b/.github/workflows/build-trivy.yaml
@@ -37,6 +37,9 @@ on:
# Every day at midnight
- cron: '0 0 * * *'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -44,7 +47,7 @@ jobs:
# Checkout the source, we need a depth of zero to fetch all the history otherwise
# the copyright check cannot work out the date of the files from Git.
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
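Review bot: This checkout keeps the default credential persistence, while the Macaron workflow added in the same commit sets `persist-credentials: false` on the same pinned action. The checkout steps in test-against-released.yml, test-against-snapshot-1440.yml and test-against-snapshot.yml have the same gap. Unless a later step needs authenticated git access (the rest of each job lies outside these hunks), add `persist-credentials: false` under `with:` so the job token is not kept available to git during the build and test steps. The new `contents: read` permission limits what that token can do, but removing it from the workspace is the more consistent hardening.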
diff --git a/.github/workflows/macaron-check-github-actions.yml b/.github/workflows/macaron-check-github-actions.yml
new file mode 100644
index 0000000..d8de3dd
--- /dev/null
+++ b/.github/workflows/macaron-check-github-actions.yml
@@ -0,0 +1,39 @@
+name: Macaron check-github-actions
+
+on:
+ pull_request:
+ paths:
+ - ".github/workflows/**"
+ - ".github/actions/**"
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/workflows/**"
+ - ".github/actions/**"
+ workflow_dispatch:
+ schedule:
+ - cron: "17 4 * * 1"
+
+permissions:
+ contents: read
+
+jobs:
+ macaron-check-github-actions:
+ name: Macaron policy verification
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ fetch-depth: 0
+ persist-credentials: false
+
+ - name: Run Macaron check-github-actions policy
+ uses: oracle/macaron@b31acfe389133a5587d9639063ec70cb84e7bc47 # v0.23.0
+ with:
+ repo_path: ./
+ defaults_path: .github/macaron/defaults.ini
+ policy_file: check-github-actions
+ policy_purl: pkg:github.com/${{ github.repository }}@.*
+ reports_retention_days: 90
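Review bot: The `paths` filters under `pull_request` and `push` cover `.github/workflows/**` and `.github/actions/**` but not `.github/macaron/**`, where the `defaults_path` file lives. A change that only edits `.github/macaron/defaults.ini`, for instance adding more entries to `exclude`, would therefore not trigger this verification until the weekly schedule or a manual dispatch. Adding `- ".github/macaron/**"` to both `paths` lists closes that gap. The job also has no `timeout-minutes`; a bound such as `timeout-minutes: 30` (constructed value) would stop a hung analysis from holding a runner.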
diff --git a/.github/workflows/test-against-released.yml b/.github/workflows/test-against-released.yml
index 8d0f023..9a32ef3 100644
--- a/.github/workflows/test-against-released.yml
+++ b/.github/workflows/test-against-released.yml
@@ -34,6 +34,9 @@ on:
branches:
- '*'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -50,17 +53,17 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Cache Maven packages
- uses: actions/cache@v4
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up JDK 11 for Build
- uses: actions/setup-java@v4
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: '17'
distribution: 'zulu'
@@ -80,20 +83,20 @@ jobs:
mvn --file coherence-visualvm-tests/coherence-visualvm-tests-ce/pom.xml --batch-mode -e -Dcoherence.version=${{ matrix.version }} clean install
- name: Build Artifacts test logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: failure()
with:
name: test-output-${{ matrix.version }}
path: coherence-visualvm-tests/**/target/test-output/**/*
- name: Coherence VisualVM Plugin NBM
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coherence-visualvm-plugin-nbm-${{ matrix.version }}
path: coherence-visualvm-plugin/target/coherence-visualvm-plugin*.nbm
- name: Coherence VisualVM Plugin Javadoc
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coherence-visualvm-plugin-javadoc-${{ matrix.version }}
path: coherence-visualvm-plugin/target/coherence-visualvm-plugin*javadoc.jar
diff --git a/.github/workflows/test-against-snapshot-1440.yml b/.github/workflows/test-against-snapshot-1440.yml
index 3af1e65..cdeee8c 100644
--- a/.github/workflows/test-against-snapshot-1440.yml
+++ b/.github/workflows/test-against-snapshot-1440.yml
@@ -37,6 +37,9 @@ on:
# Every day at midnight
- cron: '0 0 * * *'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -44,14 +47,14 @@ jobs:
fail-fast: false
matrix:
coherenceVersion:
- - 14.1.1-0-23-SNAPSHOT
+ - 14.1.1-0-25-SNAPSHOT
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Cache Maven packages
- uses: actions/cache@v4
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -61,7 +64,7 @@ jobs:
run: mvn -version && ant -version
- name: Set up JDK 11 for Plugin
- uses: actions/setup-java@v4
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: 11
distribution: 'zulu'
@@ -80,20 +83,20 @@ jobs:
mvn --file coherence-visualvm-tests/coherence-visualvm-tests-ce/pom.xml --batch-mode -nsu -e -Dcoherence.version=$COH_VERSION clean install
- name: Build Artifacts test logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: failure()
with:
name: test-output-${{ matrix.coherenceVersion }}
path: coherence-visualvm-tests/**/target/test-output/**/*
- name: Coherence VisualVM Plugin NBM
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coherence-visualvm-plugin-nbm-${{ matrix.coherenceVersion }}
path: coherence-visualvm-plugin/target/coherence-visualvm-plugin*.nbm
- name: Coherence VisualVM Plugin Javadoc
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coherence-visualvm-plugin-javadoc-${{ matrix.coherenceVersion }}
path: coherence-visualvm-plugin/target/coherence-visualvm-plugin*javadoc.jar
diff --git a/.github/workflows/test-against-snapshot.yml b/.github/workflows/test-against-snapshot.yml
index 9d97244..f3c9870 100644
--- a/.github/workflows/test-against-snapshot.yml
+++ b/.github/workflows/test-against-snapshot.yml
@@ -37,6 +37,9 @@ on:
# Every day at midnight
- cron: '0 0 * * *'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -44,24 +47,24 @@ jobs:
fail-fast: false
matrix:
coherenceVersion:
- - 25.03.3-SNAPSHOT
+ - 15.1.1-0-2-SNAPSHOT
- 25.09-SNAPSHOT
- - 22.06.14-SNAPSHOT
- - 14.1.2-0-4-SNAPSHOT
+ - 22.06.16-SNAPSHOT
+ - 14.1.2-0-6-SNAPSHOT
steps:
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Cache Maven packages
- uses: actions/cache@v4
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # 5.0.5
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2-snapshots
- name: Set up JDK 17 for Build
- uses: actions/setup-java@v4
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
with:
java-version: 17
distribution: 'zulu'
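Review bot: The version comment on the pinned `actions/cache` line here reads `# 5.0.5`, while every other pin in this commit uses the `# vX.Y.Z` form. Comments are the only human-readable link between a SHA and its release, and update tooling that rewrites them generally expects a consistent format. Change the line to `uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5` to match the same pin in test-against-released.yml and test-against-snapshot-1440.yml.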
@@ -86,20 +89,20 @@ jobs:
mvn --file coherence-visualvm-tests/coherence-visualvm-tests-topics/pom.xml -P topics --batch-mode -nsu -e -Dcoherence.version=$COH_VERSION clean install
- name: Build Artifacts test logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: failure()
with:
name: test-output-${{ matrix.coherenceVersion }}
path: coherence-visualvm-tests/**/target/test-output/**/*
- name: Coherence VisualVM Plugin NBM
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coherence-visualvm-plugin-nbm-${{ matrix.coherenceVersion }}
path: coherence-visualvm-plugin/target/coherence-visualvm-plugin*.nbm
- name: Coherence VisualVM Plugin Javadoc
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coherence-visualvm-plugin-javadoc-${{ matrix.coherenceVersion }}
path: coherence-visualvm-plugin/target/coherence-visualvm-plugin*javadoc.jar
diff --git a/pom.xml b/pom.xml
index 7b48a6c..a1814a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -63,7 +63,7 @@
--add-opens=java.base/java.net=ALL-UNNAMED
3.0.12
- 2.16.2
+ 2.18.6
${jackson.version}
1.8
1.8