chore(deps): pin dependencies

Signed-off-by: RenovateBot <renovatebot@w9r.dev>
chore(deps): add renovate.json
2025-01-08 11:50:14 +00:00 · 2025-01-08 11:14:38 +00:00 · 2025-01-08 05:58:38 +01:00 · 2025-01-08 05:51:15 +01:00 · 2025-01-07 13:33:16 +01:00
2 changed files with 35 additions and 21 deletions
--- a/action.yml
+++ b/action.yml
@ -10,12 +10,19 @@ inputs:
  secretid:
    description: "Secret ID of Approle"
    default: ""
+outputs:
+  gituser:
+    description: User to use for git operations
+    value: ${{ steps.import-gpg.outputs.name }}
+  gitemail:
+    description: Email to use for git operations
+    value: ${{ steps.import-gpg.outputs.email }}
 runs:
  using: "composite"
  steps:
    - name: "Import Secrets"
      id: "import-secrets"
-      uses: "https://github.com/hashicorp/vault-action@v3"
+      uses: "https://github.com/hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c" # v3
      with:
        url: "https://vault.w9r.dev"
        method: "approle"
@ -23,19 +30,21 @@ runs:
        roleId: "${{ inputs.roleid }}"
        secretId: "${{ inputs.secretid }}"
        secrets: |
-          kv/data/ci/nexus username | NEXUS_USERNAME ;
-          kv/data/ci/nexus password | NEXUS_PASSWORD ;
+          kv/data/ci/nexus username | MAVEN_USERNAME ;
+          kv/data/ci/nexus password | MAVEN_CENTRAL_TOKEN ;
+          kv/data/ci/nexus username | JRELEASER_ARTIFACTORY_USERNAME ;
+          kv/data/ci/nexus password | JRELEASER_ARTIFACTORY_TOKEN ;
          kv/data/ci/vulnz username | VULNZ_USERNAME ;
          kv/data/ci/vulnz password | VULNZ_PASSWORD ;
-          kv/data/ci/releasebot gpgPrivateKey | RELEASEBOT_PRIVATE_KEY ;
-          kv/data/ci/releasebot gpgPublicKey | RELEASEBOT_PUBLIC_KEY ;
-          kv/data/ci/releasebot gpgPassphrase | RELEASEBOT_PASSPHRASE ;
+          kv/data/ci/releasebot gpgPrivateKey | JRELEASER_GPG_SECRET_KEY ;
+          kv/data/ci/releasebot gpgPublicKey | JRELEASER_GPG_PUBLIC_KEY ;
+          kv/data/ci/releasebot gpgPassphrase | JRELEASER_GPG_PASSPHRASE ;
          kv/data/ci/releasebot ciToken | JRELEASER_GITEA_TOKEN ;
          kv/data/ci/signing gpgPrivateKey | GPG_PRIVATE_KEY ;
          kv/data/ci/signing gpgPublicKey | GPG_PUBLIC_KEY ;
-          kv/data/ci/signing gpgPassphrase | GPG_PASSPHRASE ;
-          kv/data/ci/sonarqube sonarToken | SONARQUBE_TOKEN ;
-          kv/data/ci/sonarqube sonarHost | SONARQUBE_HOST ;
+          kv/data/ci/signing gpgPassphrase | MAVEN_GPG_PASSPHRASE ;
+          kv/data/ci/sonarqube sonarToken | SONAR_TOKEN ;
+          kv/data/ci/sonarqube sonarHost | SONAR_HOST_URL ;

    - name: "Set up Environment"
      shell: "bash"
@ -47,18 +56,17 @@ runs:
        touch /root/.jreleaser/config.properties

    - name: "Install syft"
-      uses: "https://github.com/anchore/sbom-action/download-syft@v0"
+      uses: "https://github.com/anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75" # v0
      id: "install_syft"
      with:
        syft-version: "v1.18.1"

    - name: "Setup Java and Maven"
-      uses: "https://github.com/s4u/setup-maven-action@v1.18.0"
+      uses: "https://github.com/s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1" # v1.18.0
      with:
        checkout-fetch-depth: 0
        java-distribution: "temurin"
        java-version: 21
-        cache: "maven"
        maven-version: 3.9.9
        settings-repositories: >
          [
@ -97,18 +105,18 @@ runs:
          [
            {
              "id": "maven-group",
-              "username": "${{ env.NEXUS_USERNAME }}",
-              "password": "${{ env.NEXUS_PASSWORD }}"
+              "username": "${{ env.MAVEN_USERNAME }}",
+              "password": "${{ env.MAVEN_CENTRAL_TOKEN }}"
            },
            {
              "id": "maven-snapshots",
-              "username": "${{ env.NEXUS_USERNAME }}",
-              "password": "${{ env.NEXUS_PASSWORD }}"
+              "username": "${{ env.MAVEN_USERNAME }}",
+              "password": "${{ env.MAVEN_CENTRAL_TOKEN }}"
            },
            {
              "id": "maven-releases",
-              "username": "${{ env.NEXUS_USERNAME }}",
-              "password": "${{ env.NEXUS_PASSWORD }}"
+              "username": "${{ env.MAVEN_USERNAME }}",
+              "password": "${{ env.MAVEN_CENTRAL_TOKEN }}"
            },
            {
              "id": "vulnz",
@ -128,10 +136,10 @@ runs:

    - name: "Import Commit Signing GPG key"
      id: "import-gpg"
-      uses: "https://github.com/crazy-max/ghaction-import-gpg@v6"
+      uses: "https://github.com/crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5" # v6
      with:
-        gpg_private_key: "${{ env.RELEASEBOT_PRIVATE_KEY }}"
-        passphrase: "${{ env.RELEASEBOT_PASSPHRASE }}"
+        gpg_private_key: "${{ env.JRELEASER_GPG_SECRET_KEY }}"
+        passphrase: "${{ env.JRELEASER_GPG_PASSPHRASE }}"
        git_user_signingkey: true
        git_commit_gpgsign: true

--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>w9r.dev/renovate-config"
+  ]
+}
Author	SHA1	Message	Date
RenovateBot	97030434e7	chore(deps): pin dependencies Signed-off-by: RenovateBot <renovatebot@w9r.dev>	2025-01-08 11:50:14 +00:00
RenovateBot	0af6142823	chore(deps): add renovate.json Signed-off-by: RenovateBot <renovatebot@w9r.dev>	2025-01-08 11:14:38 +00:00
Oliver Weyhmueller	ac4173a983	fix: wrong variable name	2025-01-08 05:58:38 +01:00
Oliver Weyhmueller	ae3481a1ca	fix: rename variables to simplify dependant workflows	2025-01-08 05:51:15 +01:00
Oliver Weyhmueller	111f07883a	fix: add git user and email output	2025-01-07 13:33:16 +01:00