mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use pinned-dependencies for GitHub Actions (#38183)

Browse Source 
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
This commit is contained in:
Bruno Oliveira da Silva
2025-06-05 07:44:45 -03:00
committed by GitHub
parent 193bee0c6e
commit f2743e161c
21 changed files with 98 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/archive-surefire-reports/action.yml vendored
View File

@@ -37,7 +37,7 @@ runs:
- id: upload-surefire-linux
name: Upload Surefire reports
if: (!cancelled() && contains(fromJSON(inputs.release-branches), github.ref) && contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name))
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: surefire-${{ inputs.job-id }}
path: |

4
.github/actions/build-keycloak/action.yml vendored
View File

@@ -49,7 +49,7 @@ runs:
- id: upload-keycloak-maven-repository
name: Upload Keycloak Maven artifacts
if: inputs.upload-m2-repo == 'true'
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: m2-keycloak.tzts
path: m2-keycloak.tzts
@@ -58,7 +58,7 @@ runs:
- id: upload-keycloak-dist
name: Upload Keycloak dist
if: inputs.upload-dist == 'true'
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: keycloak-dist
path: quarkus/dist/target/keycloak*.tar.gz

2
.github/actions/integration-test-setup/action.yml vendored
View File

@@ -35,7 +35,7 @@ runs:
- id: download-keycloak
name: Download Keycloak Maven artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: m2-keycloak.tzts

2
.github/actions/java-setup/action.yml vendored
View File

@@ -16,7 +16,7 @@ runs:
steps:
- id: setup-java
name: Setup Java
uses: actions/setup-java@v4
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: ${{ inputs.distribution }}
java-version: ${{ inputs.java-version }}

4
.github/actions/maven-cache/action.yml vendored
View File

@@ -19,7 +19,7 @@ runs:
- id: cache-maven-repository
name: Maven cache
uses: actions/cache@v4
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
if: inputs.create-cache-if-it-doesnt-exist == 'true'
with:
# Two asterisks are needed to make the follow-up exclusion work
@@ -44,7 +44,7 @@ runs:
- id: restore-maven-repository
name: Maven cache
uses: actions/cache/restore@v4
uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
if: inputs.create-cache-if-it-doesnt-exist == 'false'
with:
# This needs to repeat the same path pattern as above to find the matching cache

2
.github/actions/node-cache/action.yml vendored
View File

@@ -12,7 +12,7 @@ runs:
echo "pnpm=$(cat js/pom.xml | grep '<pnpm.version>' | cut -d '>' -f 2 | cut -d '<' -f 1 | cut -c 1-)" >> $GITHUB_OUTPUT
# Downloading Node.js often fails due to network issues, therefore we cache the artifacts downloaded by the frontend plugin.
- uses: actions/cache@v4
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
id: cache-binaries
name: Cache Node.js and PNPM binaries
with:

2
.github/actions/pnpm-setup/action.yml vendored
View File

@@ -11,7 +11,7 @@ runs:
using: composite
steps:
- name: Set up Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ inputs.node-version }}
check-latest: true

2
.github/actions/pnpm-store-cache/action.yml vendored
View File

@@ -9,7 +9,7 @@ runs:
shell: bash
run: echo "key=pnpm-store-`date -u "+%Y-%U"`" >> $GITHUB_OUTPUT
- uses: actions/cache@v4
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
name: Cache PNPM store
with:
# See: https://pnpm.io/npmrc#store-dir

4
.github/actions/upload-flaky-tests/action.yml vendored
View File

@@ -47,9 +47,9 @@ runs:
echo "EOF" >> $GITHUB_OUTPUT
fi
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ steps.flaky-tests.outputs.flakes }}
with:
name: flaky-tests-${{ github.job }}-${{ join(matrix.*, '-') }}
path: ${{ steps.flaky-tests.outputs.flakes }}
if-no-files-found: error
if-no-files-found: error

2
.github/actions/upload-heapdumps/action.yml vendored
View File

@@ -8,7 +8,7 @@ runs:
name: Upload JVM Heapdumps
# Windows runners are running into https://github.com/actions/upload-artifact/issues/240
if: runner.os != 'Windows'
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: jvm-heap-dumps
path: |

2
.github/workflows/aurora-delete.yml vendored
View File

@@ -20,7 +20,7 @@ jobs:
name: Delete Aurora DB
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize AWS client
run: |

58
.github/workflows/ci.yml vendored
View File

@@ -41,7 +41,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: conditional
uses: ./.github/actions/conditional
@@ -63,7 +63,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@@ -78,7 +78,7 @@ jobs:
needs: build
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: unit-test-setup
name: Unit test setup
@@ -115,7 +115,7 @@ jobs:
group: [1, 2, 3, 4, 5, 6]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -150,7 +150,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -191,7 +191,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -236,7 +236,7 @@ jobs:
os: [ ubuntu-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# We want to download Keycloak artifacts
- id: integration-test-setup
@@ -288,7 +288,7 @@ jobs:
env:
MAVEN_OPTS: -Xmx1536m
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -334,7 +334,7 @@ jobs:
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -386,7 +386,7 @@ jobs:
timeout-minutes: 100
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -422,7 +422,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 150
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -453,7 +453,7 @@ jobs:
- name: EC2 Maven Logs
if: failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: store-it-mvn-logs
path: .github/scripts/ansible/files
@@ -469,7 +469,7 @@ jobs:
variant: [ "clusterless,multi-site" ]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -508,7 +508,7 @@ jobs:
contents: read
actions: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: node-cache
name: Node cache
@@ -605,7 +605,7 @@ jobs:
- name: EC2 Maven Logs
if: failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: auroraDB-migration-tests-mvn-logs
path: .github/scripts/ansible/files
@@ -648,7 +648,7 @@ jobs:
- name: EC2 Maven Logs
if: failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: aurora-integration-tests-mvn-logs
path: .github/scripts/ansible/files
@@ -681,7 +681,7 @@ jobs:
db: [postgres, mysql, oracle, mssql, mariadb]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -762,7 +762,7 @@ jobs:
if: needs.conditional.outputs.ci-store == 'true'
timeout-minutes: 75
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -796,7 +796,7 @@ jobs:
env:
MAVEN_OPTS: -Xmx1536m
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -829,7 +829,7 @@ jobs:
needs: build
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Fake fips
run: |
@@ -864,7 +864,7 @@ jobs:
mode: [non-strict, strict]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Fake fips
run: |
@@ -908,7 +908,7 @@ jobs:
browser: [chrome, firefox]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -953,7 +953,7 @@ jobs:
- firefox
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -995,7 +995,7 @@ jobs:
timeout-minutes: 30
steps:
- name: checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -1008,7 +1008,7 @@ jobs:
- id: cache-maven-repository
name: ipa-data cache
uses: actions/cache@v4
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: ~/ipa-data.tar
key: ${{ steps.weekly-cache-key.outputs.key }}
@@ -1033,7 +1033,7 @@ jobs:
database: [postgres, mysql, oracle, mssql, mariadb]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -1075,7 +1075,7 @@ jobs:
needs: build
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -1091,7 +1091,7 @@ jobs:
- build
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: integration-test-setup
name: Integration test setup
@@ -1128,7 +1128,7 @@ jobs:
- base-new-integration-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

22
.github/workflows/codeql-analysis.yml vendored
View File

@@ -37,7 +37,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: conditional
uses: ./.github/actions/conditional
@@ -55,10 +55,10 @@ jobs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
languages: java
@@ -66,7 +66,7 @@ jobs:
uses: ./.github/actions/build-keycloak
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
wait-for-processing: true
env:
@@ -83,17 +83,17 @@ jobs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
wait-for-processing: true
env:
@@ -110,17 +110,17 @@ jobs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: typescript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
wait-for-processing: true
env:
@@ -136,7 +136,7 @@ jobs:
- typescript
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

12
.github/workflows/documentation.yml vendored
View File

@@ -35,7 +35,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: conditional
uses: ./.github/actions/conditional
@@ -48,7 +48,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: setup-java
name: Setup Java
@@ -66,7 +66,7 @@ jobs:
- id: upload-keycloak-documentation
name: Upload Keycloak documentation
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: keycloak-documentation
path: docs/documentation/dist/target/*.zip
@@ -78,7 +78,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: setup-java
name: Setup Java
@@ -102,7 +102,7 @@ jobs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}
jobs: ${{ toJSON(needs) }}

6
.github/workflows/guides.yml vendored
View File

@@ -36,7 +36,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: conditional
uses: ./.github/actions/conditional
@@ -50,7 +50,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@@ -63,7 +63,7 @@ jobs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

32
.github/workflows/js-ci.yml vendored
View File

@@ -35,7 +35,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: conditional
uses: ./.github/actions/conditional
@@ -48,7 +48,7 @@ jobs:
if: needs.conditional.outputs.js-ci == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@@ -58,7 +58,7 @@ jobs:
mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz
- name: Upload Keycloak dist
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: keycloak
path: keycloak-999.0.0-SNAPSHOT.tar.gz
@@ -71,7 +71,7 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-admin-client"
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/pnpm-setup
@@ -89,7 +89,7 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-ui-shared"
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/pnpm-setup
@@ -107,7 +107,7 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-account-ui"
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/pnpm-setup
@@ -125,7 +125,7 @@ jobs:
env:
WORKSPACE: keycloak-admin-ui
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/pnpm-setup
@@ -148,12 +148,12 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-account-ui"
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/pnpm-setup
- name: Download Keycloak server
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: keycloak
@@ -177,7 +177,7 @@ jobs:
working-directory: js
- name: Upload Playwright report
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: account-ui-playwright-report
@@ -186,7 +186,7 @@ jobs:
- name: Upload server logs
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: account-ui-server-log
path: ~/server.log
@@ -225,7 +225,7 @@ jobs:
- browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/pnpm-setup
@@ -234,7 +234,7 @@ jobs:
working-directory: js
- name: Download Keycloak server
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: keycloak
@@ -260,7 +260,7 @@ jobs:
working-directory: js
- name: Upload Playwright report
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: admin-ui-playwright-report-${{ matrix.browser }}
@@ -269,7 +269,7 @@ jobs:
- name: Upload server logs
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: admin-ui-server-log-${{ matrix.browser }}
path: ~/server.log
@@ -288,7 +288,7 @@ jobs:
- admin-ui-e2e
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

2
.github/workflows/label.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
permissions:
issues: write # Required to add labels to Issues
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: .github/scripts
- name: Add release labels on merge

22
.github/workflows/operator-ci.yml vendored
View File

@@ -37,7 +37,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: conditional
uses: ./.github/actions/conditional
@@ -50,7 +50,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@@ -63,7 +63,7 @@ jobs:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Java
uses: ./.github/actions/java-setup
@@ -80,7 +80,7 @@ jobs:
matrix:
suite: [slow, fast]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set version
id: vars
@@ -90,7 +90,7 @@ jobs:
uses: ./.github/actions/java-setup
- name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.13.1
uses: manusa/actions-setup-minikube@5d9440a1b535e8b4f541eaac559681a9022df29d # v2.13.1
with:
minikube version: ${{ env.MINIKUBE_VERSION }}
kubernetes version: ${{ env.KUBERNETES_VERSION }}
@@ -100,7 +100,7 @@ jobs:
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: keycloak-dist
path: quarkus/container
@@ -131,13 +131,13 @@ jobs:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Java
uses: ./.github/actions/java-setup
- name: Setup Minikube-Kubernetes
uses: manusa/actions-setup-minikube@v2.13.1
uses: manusa/actions-setup-minikube@5d9440a1b535e8b4f541eaac559681a9022df29d # v2.13.1
with:
minikube version: ${{ env.MINIKUBE_VERSION }}
kubernetes version: ${{ env.KUBERNETES_VERSION }}
@@ -146,7 +146,7 @@ jobs:
start args: --memory=${{ env.MINIKUBE_MEMORY }}
- name: Install OPM
uses: redhat-actions/openshift-tools-installer@v1
uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1.13.1
with:
source: github
opm: 1.21.0
@@ -160,7 +160,7 @@ jobs:
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: keycloak-dist
path: quarkus/container
@@ -221,7 +221,7 @@ jobs:
- test-olm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

2
.github/workflows/quarkus-next.yml vendored
View File

@@ -25,7 +25,7 @@ jobs:
permissions:
contents: write # Required to push changes to the repository
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: main
fetch-depth: 0

6
.github/workflows/snyk-analysis.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
permissions:
security-events: write # Required for SARIF uploads
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@@ -35,7 +35,7 @@ jobs:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload Quarkus scanner results to GitHub
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
continue-on-error: true
with:
sarif_file: quarkus-report.sarif
@@ -50,7 +50,7 @@ jobs:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload Operator scanner results to GitHub
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: operator-report.sarif
category: snyk-operator-report

6
.github/workflows/trivy-analysis.yml vendored
View File

@@ -24,10 +24,10 @@ jobs:
security-events: write # Required for SARIF uploads
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.30.0
uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0
with:
image-ref: quay.io/keycloak/${{ matrix.container }}:nightly
format: sarif
@@ -41,7 +41,7 @@ jobs:
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: trivy-results.sarif
category: ${{ matrix.container }}