2 năm trước cách đây · ddfe06fd64
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,11 +32,11 @@ jobs:
 
				         with:
			
 
				           swap-size-gb: 10
			
 
				       - name: Initialize CodeQL
			
 
				-        uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
			
 
				+        uses: github/codeql-action/init@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
			
 
				         with:
			
 
				           languages: ${{ matrix.language }}
			
 
				       - name: Set up JDK
			
 
				-        uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.9.0
			
 
				+        uses: actions/setup-java@3f07048e3d294f56e9b90ac5ea2c6f74e9ad0f98 # v3.10.0
			
 
				         with:
			
 
				           distribution: "temurin"
			
 
				           java-version: 11
			
@@ -46,4 +46,4 @@ jobs:
 
				           echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties"
			
 
				           ./gradlew assembleDebug
			
 
				       - name: Perform CodeQL Analysis
			
 
				-        uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
			
 
				+        uses: github/codeql-action/analyze@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
			
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -1,8 +1,10 @@
 
				+# synced from @nextcloud/android-config
			
 
				 name: "Validate Gradle Wrapper"
			
 
				-
			
 
				 on:
			
 
				     pull_request:
			
 
				         branches: [ master, stable-* ]
			
 
				+    push:
			
 
				+        branches: [ master, stable-* ]
			
 
				 
			
 
				 # Declare default permissions as read only.
			
 
				 permissions: read-all
			
@@ -12,5 +14,5 @@ jobs:
 
				         name: "Validation"
			
 
				         runs-on: ubuntu-latest
			
 
				         steps:
			
 
				-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
			
 
				-            -   uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1
			
 
				+            - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
			
 
				+            - uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1.0.5
			
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,38 @@
 
				+# synced from @nextcloud/android-config
			
 
				+name: Scorecard supply-chain security
			
 
				+on:
			
 
				+  branch_protection_rule:
			
 
				+  schedule:
			
 
				+    - cron: '32 23 * * 4'
			
 
				+  push:
			
 
				+    branches: [ "main", "master" ]
			
 
				+
			
 
				+# Declare default permissions as read only.
			
 
				+permissions: read-all
			
 
				+
			
 
				+jobs:
			
 
				+  analysis:
			
 
				+    name: Scorecard analysis
			
 
				+    runs-on: ubuntu-latest
			
 
				+    permissions:
			
 
				+      # Needed to upload the results to code-scanning dashboard.
			
 
				+      security-events: write
			
 
				+
			
 
				+    steps:
			
 
				+      - name: "Checkout code"
			
 
				+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
			
 
				+        with:
			
 
				+          persist-credentials: false
			
 
				+
			
 
				+      - name: "Run analysis"
			
 
				+        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
			
 
				+        with:
			
 
				+          results_file: results.sarif
			
 
				+          results_format: sarif
			
 
				+          publish_results: false
			
 
				+
			
 
				+      # Upload the results to GitHub's code scanning dashboard.
			
 
				+      - name: "Upload to code-scanning"
			
 
				+        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
			
 
				+        with:
			
 
				+          sarif_file: results.sarif