👷 Remove un-allowlisted actions (#1086)

LogFlames · web-flow · commit 7c30a4c823f9 · 2025-03-13T15:21:03.000+01:00
diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml
@@ -27,10 +27,6 @@ jobs:
         with:
           java-version: '17'
           distribution: 'temurin'
-      - name: Set up Maven
-        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-        with:
-          maven-version: 3.9.6
       - name: mvn clean verify
         run: mvn clean verify
       - name: Build with Maven
@@ -64,10 +60,6 @@ jobs:
         with:
           java-version: '17'
           distribution: 'temurin'
-      - name: Set up Maven
-        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-        with:
-          maven-version: 3.9.6
       - name: Build with Maven
         run: mvn --batch-mode --update-snapshots clean install
       - name: Run reproducibility check
diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml
@@ -25,10 +25,6 @@ jobs:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Maven
-        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-        with:
-          maven-version: 3.9.6
       - name: Generate action.yml
         run: mvn generate-resources resources:copy-resources -q
       - name: Run Maven Spotless
@@ -44,6 +40,6 @@ jobs:
           fi
       - name: Commit changes
         if: steps.check_changes.outputs.changes == 'true'
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
+        uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # 5.1.0
         with:
-          message: "📝 Update Documentation with current version"
+          commit_message: "📝 Update Documentation with current version"
diff --git a/.github/workflows/jreleaser.yml b/.github/workflows/jreleaser.yml
@@ -34,10 +34,6 @@ jobs:
           java-version: '17'
           distribution: 'temurin'
           cache: maven
-      - name: Set up Maven
-        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-        with:
-          maven-version: 3.9.6
       - name: Set git user
         run: |
           git config --global user.name "GitHub Actions Bot"
diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml
@@ -41,14 +41,9 @@ jobs:
         with:
           java-version: '17'
           distribution: 'temurin'
-      - name: Set up Maven
-        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-        with:
-          maven-version: 3.9.6
-      - name: jbang
-        uses: jbangdev/setup-jbang@2b1b465a7b75f4222b81426f23a01e013aa7b95c # v0.1.1
-        with:
-          version: 0.119.0
+      - id: install-jbang
+        run: curl -Ls https://sh.jbang.dev | bash -s - app setup
+        shell: bash
       - name: SmokeTest
         run: |
           jbang .github/smoketest/SmokeTest.java
diff --git a/README.md b/README.md
@@ -187,16 +187,41 @@ It still works for pull requests from the same repository. Renovate also works w
 
 ### Arguments
 
-- `github-token` (required): The GitHub token used to commit the lockfile to the repository.
-- `commit-lockfile` (optional, default=true): Whether to commit an updated lockfile to the repository. The action can be used to update lockfiles automatically in e.g. pull requests (se warning about pull-requests from forks). If this is true and the pom.xml or workflow-file has updated it will create and commit the new lockfile - the action **will not** fail if the lockfile is outdated or invalid and only push the correct version. If this is false or the pom.xml and workflow-file remain unchanged, the action be used to verify the lockfile is correct - the action **will** fail in case of an outdated or invalid lockfile.
-- `commit-message` (optional, default='chore: update lockfile'): The commit message for the lockfile if `commit-lockfile` is true.
-- `commit-author` (optional, default='github\_actions'): The author for the lockfile commit if `commit-lockfile` is true. GitHub provides three values for this field.
-  - github\_actor -> `UserName <UserName@users.noreply.github.com>`
-  - user\_info -> `Your Display Name <your-actual@email.com>`
-  - github\_actions -> `github-actions <email associated with the github logo>`
-- `include-maven-plugins` (optional, default='false'): Whether to include Maven plugins in the lockfile.
-- `lockfile-name` (optional, default="lockfile.json"): The name of the lockfile to generate/validate.
-- `workflow-filename` (optional, default='Lockfile.yml'): The name of the workflow file, to automatically trigger lockfile generation when the workflow is updated.
+Extended github actions example with all available options:
+
+```yml
+- uses: chains-project/maven-lockfile@bdabb56b82feb242cd543af007b333bd8276e44e # v5.3.5
+  with:
+    # Required. The GitHub token used to commit the updated lockfile to the repository.
+    - github-token: ${{ secrets.JRELEASER_GITHUB_TOKEN }}
+
+    # Optional. Whether to commit an updated lockfile to the repository. The action can be used 
+    #  to update lockfiles automatically in e.g. pull requests (se warning about pull-requests 
+    #  from forks). If this is true and the pom.xml or workflow-file has updated it will create 
+    #  and commit the new lockfile - the action **will not** fail if the lockfile is outdated 
+    #  or invalid and only push the correct version. If this is false or the pom.xml and 
+    #  workflow-file remain unchanged, the action be used to verify the lockfile is correct - 
+    #  the action **will** fail in case of an outdated or invalid lockfile.
+    # Defaults to true.
+    - commit-lockfile: true
+
+    # Optional. The commit message for the lockfile if 'commit-lockfile' is true.
+    # Defaults to 'chore: update lockfile'
+    - commit-message: 'chore: update lockfile'
+
+    # Optional. Wether to include Maven plugins in the lockfile.
+    # Defaults to false.
+    - include-maven-plugins: false
+
+    # Optional. The name of the lockfile to generate/validate.
+    # Defaults to 'lockfile.json'.
+    - lockfile-name: 'lockfile.json'
+
+    # Optional. The name of the workflow file, to automatically trigger lockfile generation with 
+    #  the workflow is updated.
+    # Defaults to 'Lockfile.yml'
+    workflow-filename: 'Lockfile.yml'
+```
 
 ### Using Action in Release with `-SNAPSHOT`-versions (synchronizing lockfile with release)
 
diff --git a/action.yml b/action.yml
@@ -15,16 +15,6 @@ inputs:
     description: 'Commit message for the lockfile'
     required: false
     default: 'chore: update lockfile'
-  commit-author:
-    description: |
-        '
-        Author for the lockfile commit. GitHub provides three values for this field.
-        - github_actor -> UserName <UserName@users.noreply.github.com>
-        - user_info -> Your Display Name <your-actual@email.com>
-        - github_actions -> github-actions <email associated with the github logo
-        '
-    required: false
-    default: 'github_actions'
   include-maven-plugins:
     description: 'Include Maven plugins in the lockfile'
     required: false
@@ -53,25 +43,25 @@ runs:
         java-version: '17'
         distribution: 'temurin'
         cache: maven
-    - name: Set up Maven
-      uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-      with:
-        maven-version: 3.8.2
     - id: install-jbang
       run: curl -Ls https://sh.jbang.dev | bash -s - app setup
       shell: bash
-    - name: Get all changed pom.xml and lockfile.json file(s)
-      id: changed-files
-      uses: tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f # v45
-      with:
-        files: |
-              **/pom.xml
-              **/${{ inputs.workflow-filename}}
-    - name: print all changed files
-      run: echo all changed files are ${{ steps.changed-files.outputs.all_changed_files }}
+    - name: Get all changed pom.xml and workflow file(s)
+      id: detect-changes
+      run: |
+        CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} -- '**/pom.xml' '**/${{ inputs.workflow-filename }}')
+        echo "CHANGED_FILES=$CHANGED_FILES" >> $GITHUB_ENV
+      shell: bash
+    - name: Print all changed files
+      run: echo "All changed files are $CHANGED_FILES"
       shell: bash
     - name: Set POM_CHANGED environment variable
-      run: echo "POM_CHANGED=${{ steps.changed-files.outputs.any_changed}}" >> $GITHUB_ENV
+      run: |
+        if [[ -n "$CHANGED_FILES" ]]; then
+          echo "POM_CHANGED=true" >> $GITHUB_ENV
+        else
+          echo "POM_CHANGED=false" >> $GITHUB_ENV
+        fi
       shell: bash
     - name: print POM-CHANGED
       run: echo "pom changed ${{ env.POM_CHANGED }}"
@@ -87,7 +77,6 @@ runs:
         GITHUB_TOKEN: ${{ inputs.github-token }}
     - id: commit-lockfile
       if: inputs.commit-lockfile == 'true'
-      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # 5.1.0
       with:
-          default_author: ${{ inputs.commit-author }}
-          message: ${{ inputs.commit-message }}
+          commit_message: ${{ inputs.commit-message }}
diff --git a/template/action.yml b/template/action.yml
@@ -15,16 +15,6 @@ inputs:
     description: 'Commit message for the lockfile'
     required: false
     default: 'chore: update lockfile'
-  commit-author:
-    description: |
-        '
-        Author for the lockfile commit. GitHub provides three values for this field.
-        - github_actor -> UserName <UserName@users.noreply.github.com>
-        - user_info -> Your Display Name <your-actual@email.com>
-        - github_actions -> github-actions <email associated with the github logo
-        '
-    required: false
-    default: 'github_actions'
   include-maven-plugins:
     description: 'Include Maven plugins in the lockfile'
     required: false
@@ -53,25 +43,25 @@ runs:
         java-version: '17'
         distribution: 'temurin'
         cache: maven
-    - name: Set up Maven
-      uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
-      with:
-        maven-version: 3.8.2
     - id: install-jbang
       run: curl -Ls https://sh.jbang.dev | bash -s - app setup
       shell: bash
-    - name: Get all changed pom.xml and lockfile.json file(s)
-      id: changed-files
-      uses: tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f # v45
-      with:
-        files: |
-              **/pom.xml
-              **/${{ inputs.workflow-filename}}
-    - name: print all changed files
-      run: echo all changed files are ${{ steps.changed-files.outputs.all_changed_files }}
+    - name: Get all changed pom.xml and workflow file(s)
+      id: detect-changes
+      run: |
+        CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} -- '**/pom.xml' '**/${{ inputs.workflow-filename }}')
+        echo "CHANGED_FILES=$CHANGED_FILES" >> $GITHUB_ENV
+      shell: bash
+    - name: Print all changed files
+      run: echo "All changed files are $CHANGED_FILES"
       shell: bash
     - name: Set POM_CHANGED environment variable
-      run: echo "POM_CHANGED=${{ steps.changed-files.outputs.any_changed}}" >> $GITHUB_ENV
+      run: |
+        if [[ -n "$CHANGED_FILES" ]]; then
+          echo "POM_CHANGED=true" >> $GITHUB_ENV
+        else
+          echo "POM_CHANGED=false" >> $GITHUB_ENV
+        fi
       shell: bash
     - name: print POM-CHANGED
       run: echo "pom changed ${{ env.POM_CHANGED }}"
@@ -87,7 +77,6 @@ runs:
         GITHUB_TOKEN: ${{ inputs.github-token }}
     - id: commit-lockfile
       if: inputs.commit-lockfile == 'true'
-      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # 5.1.0
       with:
-          default_author: ${{ inputs.commit-author }}
-          message: ${{ inputs.commit-message }}
+          commit_message: ${{ inputs.commit-message }}
