Open
Conversation
Bumps the prod-github-actions group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [gradle/actions](https://github.com/gradle/actions). Updates `github/codeql-action` from 3.28.17 to 3.28.18 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.28.17...v3.28.18) Updates `gradle/actions` from 4.3.1 to 4.4.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@06832c7...8379f6a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-github-actions - dependency-name: gradle/actions dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
- the github advanced security template suggests the push main branch trigger
There was a problem hiding this comment.
Pull Request Overview
Updates GitHub Actions workflows to run on pushes to main and bumps key action versions for security scans and Gradle setup.
- Added
pushtrigger formainbranch across all security and lint workflows. - Upgraded
gradle/actions/setup-gradlefrom v4.3.1 to v4.4.1. - Updated
github/codeql-actionandupload-sarifsteps to v3.29.1.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/release-publish-ossrh.yml | Bump Gradle setup to v4.4.1 |
| .github/workflows/prerelease-publish-local.yml | Bump Gradle setup to v4.4.1 |
| .github/workflows/mobsf.yml | Add push: main trigger; bump SARIF uploader to v3.29.1 |
| .github/workflows/lint.yml | Add push: main; bump Gradle setup and SARIF uploader |
| .github/workflows/detekt.yml | Add push: main; bump Gradle setup and SARIF uploader |
| .github/workflows/codeql.yml | Add push: main; bump CodeQL init/autobuild/analyze |
- Solves #210 - If you are using gradle-home-cache-cleanup: true in your workflow, you can remove this option as this is now enabled by default. https://github.com/gradle/actions/blob/main/docs/deprecation-upgrade-guide.md#the-gradle-home-cache-cleanup-input-parameter-has-been-replaced-by-cache-cleanup
Contributor
Author
|
@johnjeffers could you please allow the following actions:
|
Contributor
Author
|
@lyleschemmerling this is ready to go as soon as @johnjeffers allows the Gradle action. |
johnjeffers
previously approved these changes
Jun 30, 2025
Contributor
Author
|
thanks @johnjeffers all checks now passed @lyleschemmerling this is good to go. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates GitHub Actions workflows to improve GitHub Advanced Security, removes deprecated parameter, and ensure the use of the latest dependencies.
Workflow Trigger Updates:
Added
pushtriggers for themainbranch in the following workflows:.github/workflows/codeql.yml,.github/workflows/detekt.yml,.github/workflows/lint.yml, and.github/workflows/mobsf.yml. This ensures that workflows run on both pull requests and direct pushes tomain. Because the github advanced security template suggests the push main branch trigger.Solves #211
Remove gradle-home-cache-cleanup
We where using gradle-home-cache-cleanup: true in our workflow, and can remove this option as this is now enabled by default. https://github.com/gradle/actions/blob/main/docs/deprecation-upgrade-guide.md#the-gradle-home-cache-cleanup-input-parameter-has-been-replaced-by-cache-cleanup
Solves #210
Dependency Updates:
Update dependencies based on #207