* Harden workflows with least-privilege permissions and zizmor
Apply GitHub Actions security best practices to the action's own
workflows and integrate zizmor to catch regressions.
- Add explicit least-privilege `permissions:` to every workflow
(contents: read for read-only workflows; default-deny `{}` with
job-scoped grants for codeql, publish-immutable-actions and
update-config-files).
- Set `persist-credentials: false` on all checkout steps that don't
need the GITHUB_TOKEN afterwards.
- Move `${{ ... }}` expansions out of `run:` blocks into `env:` vars
to avoid template injection.
- Pin the alpine container image (alpine:latest -> alpine:3.21).
- Add a zizmor CI workflow that uploads SARIF to code scanning, plus a
`.github/zizmor.yml` pinning policy (ref-pin for actions/* and
github/*, hash-pin for third-party actions).
zizmor now reports no findings (offline and online).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Fix indentation of if: in zizmor SARIF upload step
The `if:` key on the "Upload SARIF results to code scanning" step had no
indentation, producing invalid YAML ("Nested mappings are not allowed in
compact mappings"). This broke `npm run format-check` (prettier) in Basic
validation.
Indent `if:` to 8 spaces so it nests under the step alongside uses/with.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* chore(e2e-versions): Add e2e test scenario on `setup-java-version-from-file-major-minor-patch-with-dist` for `.sdkmanrc`
* chore(e2e-versions): Update `setup-java-version-from-file-major-minor-patch-with-dist` test to include the file name of the java-version-file that is used
* feat: Add support for `.sdkmanrc` as *Java Version File*
* chore: Add test for the latest known sdkman java versions
* docs(advanced-usage): Document support for `.sdkmanrc` as java-version-file
* chore(docs): Anyone can contribute and maintain 🤷
* Update advanced-usage.md
Add example step/file for `.sdkmanrc`
* Update advanced-usage.md
* Update util.ts
* chore: format and rebuild
* chore: untouch toolchains.ts
* fix check dist error
---------
Co-authored-by: mahabaleshwars <147705296+mahabaleshwars@users.noreply.github.com>
This workflow file publishes new action releases to the immutable action package of the same name as this repo.
This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature.
* added support for tool version file
* testing with one regex
* working regex
* Checked for the file extension
* added e2e checks for tool version
* removed error warning
* updated regex to support early version
* updated regex for early version support
* updated regex for early version
* updated regex to accept early versions
* added coreinfo to analyze
* updated the regex
* updated regex
* new regex for early version
* updated regex to match the new version file format
* new regex
* changed the regex
* redex updated
* used java version regex
* regex updated
* regex modified
* regex updated
* regex updated
* regex updated
* updated regex to support early versions
* Regex updated to support all java versions
* Documentation updated to add tool version description
* Documentation updated for the tool version file
* update the advanced doc and readme file to specify tool version changes
* eat: bump to use node20 runtime, actions/checkout to v4
* docs: update version of setup-java in documentation and e2e tests
---------
Co-authored-by: Ivan Zosimov <ivanzosimov@github.com>
Bruno Borges
dependabot[bot]
George Adams
Josh Soref
guicamest
priya-kinthali
the-mod
Salman Chishti
Haritha
Gregory Mitchell
mahabaleshwars
Joel Ambass
Fabio Niephaus
Tobias
K.B.Dharun Krishna
aparnajyothi-y
itchyny
Accelerator1996
Akihiro Nishikawa
Jordie
IvanZosimov
Ivan
Dmitry Shibanov
MaksimZhukov
Evgenii Korolevskii
James M. Greene
Fabio Niephaus
Dmitry Shibanov
Manuel
Florian Meriaux