Commit graph

17 commits

Author SHA1 Message Date
tobiasKaminsky
92d3f08f6a
Setting token permissions to read-only follows the principle of least privilege.
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
2022-06-13 14:23:55 +02:00
Álvaro Brey
f54d234626
Merge pull request #10279 from nextcloud/chore/analysis-github-token
workflows/analysis: Use GITHUB_TOKEN instead of GIT_TOKEN, and some cleanup
2022-05-31 10:07:03 +02:00
Álvaro Brey
e74e12c293
Update some workflows
Signed-off-by: Álvaro Brey <alvaro.brey@nextcloud.com>
2022-05-23 10:11:36 +02:00
Álvaro Brey Vilas
7073746309
Use defusedxml for xml parsing instead of etree
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-04-27 11:03:59 +02:00
dependabot[bot]
5e924a5c4f
Bump actions/setup-java from 2 to 3
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 11:20:00 +00:00
Álvaro Brey Vilas
e7dbbb45b4
Analysis: use proper token for clone
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-03-09 09:01:50 +01:00
Álvaro Brey Vilas
bee3403b21
analysis: Checkout branch, but use repo too
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-03-08 13:50:04 +01:00
Álvaro Brey Vilas
421a672e1d
workflows: analysis: another attempt to fix checkout
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-03-08 10:27:24 +01:00
Álvaro Brey Vilas
d2cb7e33b5
Revert "workflows: analysis: default checkout"
This reverts commit 55f02b550b.

Signed-off-by: Álvaro Brey <alvaro.brey@nextcloud.com>
2022-03-08 10:25:38 +01:00
Álvaro Brey Vilas
55f02b550b
workflows: analysis: default checkout
Should work in checkout@v3

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-03-08 10:04:15 +01:00
dependabot[bot]
5e0c59cd6d
Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 08:20:38 +00:00
Álvaro Brey Vilas
494cceab8e
Analysis: fix checkout and commit generation
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-01-26 12:54:24 +01:00
Álvaro Brey Vilas
9f2bdd5916
Analysis: use pull_request_target
Can't post reports otherwise as github token is readonly in pull_request

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-01-26 11:33:53 +01:00
Álvaro Brey Vilas
22367838ab
Run analysis workflow on push too
Otherwise baseline results aren't generated

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-01-24 16:25:33 +01:00
Álvaro Brey Vilas
417dee2535
workflows: Use temurin JDK instead of adopt
Ref: https://blog.adoptopenjdk.net/2021/08/goodbye-adoptopenjdk-hello-adoptium/

tl;dr: AdoptOpenJDK is discontinued and recommendation is to use Eclipse Temurin instead

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-01-20 11:01:09 +01:00
Álvaro Brey Vilas
33a2043d3f
Analysis workflow: correct head ref for branch
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-01-14 13:08:21 +01:00
Álvaro Brey Vilas
9fa63c7547
Run analysis workflow in github actions
Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>
2022-01-13 09:29:43 +01:00