From ad3291a5f1e8f2d07653cb70b47e1118575ba5b3 Mon Sep 17 00:00:00 2001 From: I569192 Date: Wed, 6 May 2026 11:55:29 +0200 Subject: [PATCH 1/4] cf login -> cf auth --- .github/actions/integration-tests/action.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/actions/integration-tests/action.yml b/.github/actions/integration-tests/action.yml index 738d4c38..7276983a 100644 --- a/.github/actions/integration-tests/action.yml +++ b/.github/actions/integration-tests/action.yml @@ -41,10 +41,17 @@ runs: - name: Authenticate with Cloud Foundry shell: bash + env: + CF_API: ${{ inputs.CF_API }} + CF_USERNAME: ${{ inputs.CF_USERNAME }} + CF_PASSWORD: ${{ inputs.CF_PASSWORD }} + CF_ORG: ${{ inputs.CF_ORG }} + CF_SPACE: ${{ inputs.CF_SPACE }} run: | - echo "::debug::CF_API=${{ inputs.CF_API }}" for i in {1..5}; do - cf login -a ${{ inputs.CF_API }} -u ${{ inputs.CF_USERNAME }} -p ${{ inputs.CF_PASSWORD }} -o ${{ inputs.CF_ORG }} -s ${{ inputs.CF_SPACE }} && break + cf api "$CF_API" && \ + cf auth && \ + cf target -o "$CF_ORG" -s "$CF_SPACE" && break echo "cf login failed, retrying ($i/5)..." sleep 10 if [ "$i" -eq 5 ]; then From 2653a1dc5779ae8c55d870e690f8ee7ffffa2799 Mon Sep 17 00:00:00 2001 From: I569192 Date: Wed, 6 May 2026 11:56:05 +0200 Subject: [PATCH 2/4] pin actions to shas --- .github/actions/integration-tests/action.yml | 4 ++-- .github/workflows/check-changelog.yml | 2 +- .github/workflows/issue.yml | 2 +- .github/workflows/lint.yml | 8 ++++---- .github/workflows/release.yml | 10 +++++----- .github/workflows/stale.yml | 2 +- .github/workflows/test.yml | 14 +++++--------- 7 files changed, 19 insertions(+), 23 deletions(-) diff --git a/.github/actions/integration-tests/action.yml b/.github/actions/integration-tests/action.yml index 7276983a..7f81c1a5 100644 --- a/.github/actions/integration-tests/action.yml +++ b/.github/actions/integration-tests/action.yml @@ -60,11 +60,11 @@ runs: fi done - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Use Node.js ${{ inputs.NODE_VERSION}} - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: ${{ inputs.NODE_VERSION }} - run: npm i -g @sap/cds-dk diff --git a/.github/workflows/check-changelog.yml b/.github/workflows/check-changelog.yml index fb1569e0..0e6c4b78 100644 --- a/.github/workflows/check-changelog.yml +++ b/.github/workflows/check-changelog.yml @@ -13,6 +13,6 @@ jobs: name: Check Changelog Action runs-on: ubuntu-latest steps: - - uses: tarides/changelog-check-action@v3 + - uses: tarides/changelog-check-action@0189fc7eedec3ef3e9648c713908f6f2a6e99057 # v3 with: changelog: CHANGELOG.md diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index 42b2d675..1e35cb97 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -19,7 +19,7 @@ jobs: NUMBER: ${{ github.event.issue.number }} LABELS: New - - uses: actions/github-script@v8 + - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | github.rest.issues.createComment({ diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index cebfdf35..8cb7d100 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -17,14 +17,14 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/setup-node@v6 - - uses: actions/checkout@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - run: npm i - run: npm run lint prettier: runs-on: ubuntu-latest steps: - - uses: actions/setup-node@v6 - - uses: actions/checkout@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - run: npx prettier . --check diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9e3ffffe..e41ec8cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,8 +22,8 @@ jobs: runs-on: ubuntu-latest environment: npm steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 24 registry-url: https://registry.npmjs.org/ @@ -38,14 +38,14 @@ jobs: - name: get-version id: package-version - uses: martinbeentjes/npm-get-version-action@v1.2.3 + uses: martinbeentjes/npm-get-version-action@7aa1d82604bb2dbe377a64ca35e692e6fe333c9c # v1.2.3 - name: Parse changelog id: parse-changelog - uses: schwma/parse-changelog-action@v1.0.0 + uses: schwma/parse-changelog-action@69a9f9ab4cf2f2e736108ab41396fc3c55f65e40 # v1.0.0 with: version: "${{ steps.package-version.outputs.current-version }}" - name: Create a GitHub release - uses: ncipollo/release-action@v1 + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: tag: "v${{ steps.package-version.outputs.current-version }}" body: "${{ steps.parse-changelog.outputs.body }}" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3e33f1df..159229c5 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -11,7 +11,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v10 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10 with: close-issue-message: "This issue has been automatically closed due to 2 weeks of inactivity. If you believe this was a mistake, please reopen or comment to continue the discussion." days-before-stale: -1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6738ead4..774e1cdf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -29,11 +29,11 @@ jobs: matrix: node-version: [20.x, 22.x] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: ${{ matrix.node-version }} - run: npm i -g @sap/cds-dk @@ -53,12 +53,8 @@ jobs: hyperscaler: [AWS, AZURE, GCP] scanner-auth: [basic, mtls] steps: - - name: Checkout repository - uses: actions/checkout@v5 - with: - ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Integration tests (HANA) - uses: ./.github/actions/integration-tests + uses: cap-js/attachments/.github/actions/integration-tests@main with: CF_API: ${{ secrets[format('CF_API_{0}', matrix.hyperscaler)] }} CF_USERNAME: ${{ secrets['CF_USERNAME'] }} @@ -92,11 +88,11 @@ jobs: --health-timeout 5s --health-retries 5 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: ${{ matrix['node-version'] }} - run: npm i -g @sap/cds-dk From e6619087eecf0ba0db7dd14591b1972b51b0819d Mon Sep 17 00:00:00 2001 From: I569192 Date: Wed, 6 May 2026 11:56:25 +0200 Subject: [PATCH 3/4] add dependabot --- .github/dependabot.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..9d529cf7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,18 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + cooldown: + default-days: 7 + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + github-actions: + patterns: + - "*" + cooldown: + default-days: 7 From 6d32e1e8a050b574462e9d6e6dbbb94bf6e5ca4b Mon Sep 17 00:00:00 2001 From: I569192 Date: Wed, 6 May 2026 14:06:15 +0200 Subject: [PATCH 4/4] reorder checkout and setup-node steps --- .github/workflows/lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8cb7d100..4e8ea81b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -17,14 +17,14 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 - run: npm i - run: npm run lint prettier: runs-on: ubuntu-latest steps: - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 - run: npx prettier . --check