From dbbdc2fa93049186aaa59618287b201350024da7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 09:17:04 +0000
Subject: [PATCH 1/2] Bump gradle/actions from 3 to 4
Bumps [gradle/actions](https://github.com/gradle/actions) from 3 to 4.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/v3...v4)
---
updated-dependencies:
- dependency-name: gradle/actions
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/ci.yml | 4 ++--
 .github/workflows/gradle-wrapper-validation.yml | 2 +-
 .github/workflows/syntax-check.yml | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 672f132..4b29a71 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,7 +35,7 @@ jobs:
 # Setup Gradle
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@v4
 # Runs a single command using the runners shell
 - name: Compile and run tests on robot code
@@ -61,7 +61,7 @@ jobs:
 # Setup Gradle
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@v4
 # Runs a single command using the runners shell
 - name: Run tests on robot code
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
index 5c793e2..36cbf88 100644
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -27,4 +27,4 @@ jobs:
 # Runs an action from the Gradle org to validate the Gradle wrapper, see
 # https://github.com/gradle/wrapper-validation-action?tab=readme-ov-file#the-gradle-wrapper-problem-in-open-source
 # for more details as to why this is important.
- - uses: gradle/actions/wrapper-validation@v3
+ - uses: gradle/actions/wrapper-validation@v4
diff --git a/.github/workflows/syntax-check.yml b/.github/workflows/syntax-check.yml
index 823262a..084dc8d 100644
--- a/.github/workflows/syntax-check.yml
+++ b/.github/workflows/syntax-check.yml
@@ -41,7 +41,7 @@ jobs:
 # Setup Gradle
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@v4
 # Runs our formatter for easier code review
 - name: Run spotlessApply
From ca0c70e63fe6fa70865b305a6373524b6aa82bb0 Mon Sep 17 00:00:00 2001
From: Garrett Summerfield
Date: Thu, 15 Aug 2024 23:59:34 -0500
Subject: [PATCH 2/2] chore: Remove Gradle wrapper validation workflow
The Gradle wrapper validation workflow has been removed from the repository. This workflow was responsible for checking the validity of the Gradle wrapper. However, it is no longer necessary due to gradle/actions including this by default and has been deemed redundant. Fixed spelling mistakes and updated README.md to reflect those changes.
---
 .../workflows/gradle-wrapper-validation.yml | 30 -------------------
 README.md | 17 +++++------
 2 files changed, 8 insertions(+), 39 deletions(-)
 delete mode 100644 .github/workflows/gradle-wrapper-validation.yml
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
deleted file mode 100644
index 36cbf88..0000000
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# This workflow will check the validity of the Gradle wrapper in your repository.
-name: "Validate Gradle Wrapper"
-
-# Controls when the action will run. Triggers the workflow on push or pull request
-# events but only for the main branch.
-on:
- push:
- branches: [ main ]
- pull_request:
- branches: [ main ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
- cancel-in-progress: true
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
- validation:
- name: "Validation"
- # The type of runner that the job will run on
- runs-on: ubuntu-latest
- # Steps represent a sequence of tasks that will be executed as part of the job
- steps:
- # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v4
-
- # Runs an action from the Gradle org to validate the Gradle wrapper, see
- # https://github.com/gradle/wrapper-validation-action?tab=readme-ov-file#the-gradle-wrapper-problem-in-open-source
- # for more details as to why this is important.
- - uses: gradle/actions/wrapper-validation@v4
diff --git a/README.md b/README.md
index 05399db..d08f400 100644
--- a/README.md
+++ b/README.md
@@ -6,13 +6,12 @@ Prepackaged with GitHub Actions for CI/CD, Qodana for static analysis, CodeQL fo ## Build Status -| Action | Status | -| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| CI | [![Build](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/ci.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/ci.yml) | -| Qodana | [![Qodana](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/qodana.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/qodana.yml) | -| CodeQL | [![CodeQL Scanning](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/codeql.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/codeql.yml) | -| Spotless | [![Syntax Check](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/syntax-check.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/syntax-check.yml) | -| Gradle Validation | [![Validate Gradle Wrapper](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/gradle-wrapper-validation.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/gradle-wrapper-validation.yml) | +| Action | Status | +| -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| CI | [![Build](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/ci.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/ci.yml) | +| Qodana | 
[![Qodana](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/qodana.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/qodana.yml) | +| CodeQL | [![CodeQL Scanning](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/codeql.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/codeql.yml) | +| Spotless | [![Syntax Check](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/syntax-check.yml/badge.svg)](https://github.com/OakvilleDynamics/frc-robot-template/actions/workflows/syntax-check.yml) | ## How to use 
@@ -36,7 +35,7 @@ Prepackaged with GitHub Actions for CI/CD, Qodana for static analysis, CodeQL fo
 - [Qodana](https://www.jetbrains.com/qodana/) action for static analysis (helpful for finding bugs and code smells)
 - [CodeQL](https://codeql.github.com/) action for static analysis and security scanning (helpful for finding bugs and security vulnerabilities)
 - [Spotless](https://github.com/diffplug/spotless) enforcement action for code formatting (helpful for keeping code cleanly formatted after commits)
- - [Gradle Validation](https://github.com/gradle/wrapper-validation-action/tree/v1/?tab=readme-ov-file#the-gradle-wrapper-problem-in-open-source) action for validating the Gradle wrapper (helpful for ensuring [supply chain](https://en.wikipedia.org/wiki/Supply_chain_attack) security)
+ - [Gradle Validation](https://github.com/gradle/actions/blob/main/docs/wrapper-validation.md) action for validating the Gradle wrapper (helpful for ensuring [supply chain](https://en.wikipedia.org/wiki/Supply_chain_attack) security)
 - Preconfigured setup for [Command-Based Robot](https://docs.wpilib.org/en/stable/docs/software/commandbased/index.html) projects (helpful for getting started)
 - [Dependabot](https://docs.github.com/en/code-security/dependabot) for dependency updates (helpful for keeping dependencies up to date)
 - Preconfigured setup for [Spotless](https://github.com/diffplug/spotless) inside of Gradle (helpful for keeping code cleanly formatted during development)
@@ -52,7 +51,7 @@ Prepackaged with GitHub Actions for CI/CD, Qodana for static analysis, CodeQL fo
 > - Create a new [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) to [scope the repository](https://docs.github.com/en/codespaces/managing-codespaces-for-your-organization/managing-development-environment-secrets-for-your-repository-or-organization#adding-secrets-for-a-repository) itself
 > - Create a new [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) to [scope the organization](https://docs.github.com/en/codespaces/managing-codespaces-for-your-organization/managing-development-environment-secrets-for-your-repository-or-organization#adding-secrets-for-an-organization) to be used elsewhere (helpful if using this template on multiple different projects)
 >
-> If using a PAT in an organization, it is recommended to create a sock account that is generic but still has access to push to the repository, as this will be given [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) to do other harm if that PAT were to be inadvertenly public
+> If using a PAT in an organization, it is recommended to create a sock account that is generic but still has access to push to the repository, as this will be given [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) to do other harm if that PAT were to be inadvertently public
 >
 > Make sure you also grant the sock account proper access to the repository, that includes branch protections and write access to the repository