Merge pull request #462 from finos/github-actions-update

Updated plugins for github actions

Author: vaibhav-db

.github/workflows/build-branch.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v2
       - name: Cache Maven dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         env:
           cache-name: cache-mvn-modules
         with:

.github/workflows/build.yml

@@ -18,7 +18,7 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v2
       - name: Cache Maven dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         env:
           cache-name: cache-mvn-modules
         with:

.github/workflows/cve-scanning.yml

@@ -3,19 +3,18 @@ name: CVE Scanning for Maven
 on:
   pull_request:
     paths:
-      - 'pom.xml'
-      - '.github/workflows/cve-scanning.yml'
+      - "pom.xml"
+      - ".github/workflows/cve-scanning.yml"
   push:
     paths:
-      - 'pom.xml'
-      - '.github/workflows/cve-scanning.yml'
+      - "pom.xml"
+      - ".github/workflows/cve-scanning.yml"
   schedule:
     # Run every day at 5am and 5pm
-    - cron: '0 5,17 * * *'
-
+    - cron: "0 5,17 * * *"
 
 jobs:
- depchecktest:
+  depchecktest:
     runs-on: ubuntu-latest
     name: depcheck_test
     steps:
@@ -24,28 +23,28 @@ jobs:
       - name: Setup JDK 17
         uses: actions/setup-java@v3
         with:
-          java-version: '17'
-          distribution: 'temurin'
+          java-version: "17"
+          distribution: "temurin"
       - name: Build with Maven
-        run: mvn install 
+        run: mvn install
       - name: Depcheck
         uses: dependency-check/Dependency-Check_Action@1b5d19fd4a32ff0ff982e8c9d8e27dbf7ac8a46c
         id: Depcheck
         env:
           JAVA_HOME: /opt/jdk
         with:
-          project: 'spring-bot'
-          format: 'HTML'
-          path: '.'
-          out: 'reports' # this is the default, no need to specify unless you wish to override it
+          project: "spring-bot"
+          format: "HTML"
+          path: "."
+          out: "reports" # this is the default, no need to specify unless you wish to override it
           args: >
             --suppression ./.github/workflows/allow-list.xml
             --failOnCVSS 5
             --enableRetired
-            
+
       - name: Upload Test results
         if: ${{ always() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Depcheck report
           path: ${{ github.workspace }}/reports

.github/workflows/license-check.yml

@@ -2,51 +2,51 @@ name: License Scanning for Maven
 
 on:
   schedule:
-    - cron: '0 8,18 * * 1-5'
+    - cron: "0 8,18 * * 1-5"
   push:
     paths:
-      - 'maven/pom.xml'
-      - '.github/workflows/license-check.yml'
-      - '.github/workflows/acceptable-licenses.txt'
+      - "maven/pom.xml"
+      - ".github/workflows/license-check.yml"
+      - ".github/workflows/acceptable-licenses.txt"
 
 jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - name: Cache Maven dependencies
-      uses: actions/cache@v2
-      env:
-        cache-name: cache-mvn-modules
-      with:
-        path: ~/.m2
-        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-build-${{ env.cache-name }}-
-          ${{ runner.os }}-build-
-          ${{ runner.os }}-
-    - name: Set up JDK 17
-      uses: actions/setup-java@v3
-      with:
-        java-version: 17
-        distribution: 'adopt'
-    - name: Install XQ
-      run: pip install xq
-    - name: Download deps and plugins
-      run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
-    - name: Build 
-      run: mvn install -DskipTests
-    - name: License XML report
-      run: |
-        mvn org.codehaus.mojo:license-maven-plugin:2.0.0:aggregate-download-licenses
-    - name: Validate XML report
-      run: |
-        ALLOW_LICENSES=`cat .github/workflows/acceptable-licenses.txt | sed "s|<name>|name='|" | sed "s|</name>|' |" | tr -s '\n' '~' | sed 's/\~/or /g' `
-        xq "//dependency[count(licenses/license[${ALLOW_LICENSES}])=0]" target/generated-resources/aggregate-licenses.xml  > target/license-issues.xml
-        LINES_FOUND=`cat target/license-issues.xml | grep "<result>" | wc -l`
-        if [ $LINES_FOUND -gt 0 ]; then cat target/license-issues.xml ; exit -1; fi
-    - name: Upload license XML Issues
-      uses: actions/upload-artifact@v3
-      with:
-        name: license-xml-report
-        path: 'target/license-issues.xml' 
+      - uses: actions/checkout@v3
+      - name: Cache Maven dependencies
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-mvn-modules
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: "adopt"
+      - name: Install XQ
+        run: pip install xq
+      - name: Download deps and plugins
+        run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
+      - name: Build
+        run: mvn install -DskipTests
+      - name: License XML report
+        run: |
+          mvn org.codehaus.mojo:license-maven-plugin:2.0.0:aggregate-download-licenses
+      - name: Validate XML report
+        run: |
+          ALLOW_LICENSES=`cat .github/workflows/acceptable-licenses.txt | sed "s|<name>|name='|" | sed "s|</name>|' |" | tr -s '\n' '~' | sed 's/\~/or /g' `
+          xq "//dependency[count(licenses/license[${ALLOW_LICENSES}])=0]" target/generated-resources/aggregate-licenses.xml  > target/license-issues.xml
+          LINES_FOUND=`cat target/license-issues.xml | grep "<result>" | wc -l`
+          if [ $LINES_FOUND -gt 0 ]; then cat target/license-issues.xml ; exit -1; fi
+      - name: Upload license XML Issues
+        uses: actions/upload-artifact@v4
+        with:
+          name: license-xml-report
+          path: "target/license-issues.xml"

.github/workflows/semgrep.yml

@@ -5,11 +5,11 @@ on: [push, pull_request]
 jobs:
   semgrep:
     name: run-semgrep
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     container:
       image: returntocorp/semgrep
     steps:
-    - uses: actions/checkout@v3
-    - run: semgrep scan --error --config auto
-      env:
-        SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+      - uses: actions/checkout@v3
+      - run: semgrep scan --error --config auto
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml

@@ -113,7 +113,7 @@
 		<dependency>
 			<groupId>com.azure</groupId>
 	  		<artifactId>azure-core-http-netty</artifactId>	
-	  		<version>1.14.1</version>	<!-- Replace with property -->
+	  		<version>${azure-core-http-netty.version}</version>
 		</dependency>
 
 		<dependency>

pom.xml

@@ -49,7 +49,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<spring-boot.version>3.4.0</spring-boot.version>
+		<spring-boot.version>3.4.5</spring-boot.version>
 		<maven.compiler.source>17</maven.compiler.source>
 		<maven.compiler.target>17</maven.compiler.target>
 		<java.version>17</java.version>
@@ -70,7 +70,7 @@
 		<symphony-bdk.version>3.0.0</symphony-bdk.version>
 		<!--<mimepull.version>1.9.15</mimepull.version>-->
 		<!--<thymeleaf.version>2.7.0</thymeleaf.version>-->	
-		<azure-core-http-netty.version>1.9.1</azure-core-http-netty.version>	
+		<azure-core-http-netty.version>1.15.11</azure-core-http-netty.version>	
 		<nimbus-jose-jwt.version>9.9.1</nimbus-jose-jwt.version>	
 		<httpclient.version>4.5.13</httpclient.version>			
 		<corenlp.version>4.5.7</corenlp.version>