Update github actions to node 20

https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
fugerit-org · Feb 10, 2024 · c371510 · c371510
1 parent ff848db
commit c371510
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/.github/workflows/build_maven_package.yml b/.github/workflows/build_maven_package.yml
@@ -1,14 +1,14 @@
 # CI with maven build and scan
 
-name: CI maven build and sonar cloud scan
+name: CI maven build and scan
 
 on:
   # Trigger analysis when pushing in master or pull requests, and when creating
   # a pull request.
   push:
     branches:
       - main
-      - branch-sonarcloud
+      - branch-scan
   pull_request:
     types:
       - opened
@@ -20,24 +20,24 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@main
         with:
           # Shallow clones should be disabled for a better relevancy of analysis
           fetch-depth: 0
       - name: Set up JDK 17
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@main
         with:
           java-version: '17'
           distribution: 'corretto'
           cache: 'maven'
       - name: Cache Maven packages
-        uses: actions/cache@v4
+        uses: actions/cache@main
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@main
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
@@ -66,7 +66,7 @@ jobs:
         # Snyk can be used to break the build when it detects vulnerabilities.
         # In this case we want to upload the issues to GitHub Code Scanning
         continue-on-error: true
-        uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
+        uses: snyk/actions/docker@main
         env:
           # In order to use the Snyk Action you will need to have a Snyk API token.
           # More details in https://github.com/snyk/actions#getting-your-snyk-token
@@ -76,6 +76,10 @@ jobs:
           image: fj-doc-playground-quarkus
           args: --file=fj-doc-playground-quarkus/Dockerfile
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@main
         with:
-          sarif_file: snyk.sarif
+          sarif_file: snyk.sarif
+
+      # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+      - name: Update dependency graph
+        uses: advanced-security/maven-dependency-submission-action@main