From 68d83c0ca7f6ebf4de21f05b1a4348bcbbd1d3ec Mon Sep 17 00:00:00 2001 From: Carlo Kroll Date: Mon, 29 Apr 2024 19:30:05 +0100 Subject: [PATCH 1/3] Update maven-dependency-submission-action to address permission issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Token Permissions: By explicitly specifying the repo-token: ${{secrets.GITHUB_TOKEN }} in the workflow, we are ensuring that the action uses a token that GitHub automatically generates for actions. This token should have permissions aligned with the GitHub repository's current policies. The update doesn’t necessarily change the permissions but clarifies which token is being used, ensuring there is no ambiguity that could lead to permissions errors. Addressing Potential Configuration Issues: The change might not directly adjust permissions (since I don’t have access to the settings), but it ensures that the action is correctly configured according to the latest standards. If there was any misconfiguration leading to the HTTP 403 error, correcting the action version and ensuring the correct use of tokens might resolve these issues. --- .github/workflows/maven.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index e5247f5..d88d46d 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -30,6 +30,8 @@ jobs: - name: Build with Maven run: mvn -B package --file pom.xml - # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive + # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive - name: Update dependency graph uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} 
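Review bot: Passing the token in the added `with:` block does not change what that token may do, so the HTTP 403 mentioned in the commit message is unlikely to be fixed by this alone; the same holds for the `token:` line in PATCH 2/3. Dependency submission needs the workflow token to have write access to repository contents. The job header lies outside this hunk, so I cannot see whether a `permissions:` key exists. If there is none, the job inherits the repository default, which may be read-only. Declare it at job level, limited to what this job needs: `permissions:` with `contents: write` beneath it. Keep the action pinned to the full commit SHA as it is now.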
From bead8efe49f1369c2bad3a06e8312f08e2a94399 Mon Sep 17 00:00:00 2001 From: Carlo Kroll Date: Mon, 29 Apr 2024 19:34:36 +0100 Subject: [PATCH 2/3] fix --- .github/workflows/maven.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index d88d46d..5137abd 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -34,4 +34,4 @@ jobs: - name: Update dependency graph uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} From b0d0ab4dc31351608b496fce7da7a72a88823ef8 Mon Sep 17 00:00:00 2001 From: Carlo Kroll Date: Mon, 2 Sep 2024 17:39:44 +0100 Subject: [PATCH 3/3] delete v3 v4 and optional part --- .github/workflows/maven.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 5137abd..f7380f8 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -20,9 +20,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java with: java-version: '17' distribution: 'temurin' @@ -30,8 +30,3 @@ jobs: - name: Build with Maven run: mvn -B package --file pom.xml - # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive - - name: Update dependency graph - uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 - with: - token: ${{ secrets.GITHUB_TOKEN }}
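Review bot: In PATCH 3/3 the new `- uses: actions/checkout` and `uses: actions/setup-java` lines have no `@ref`, which GitHub Actions requires for a repository action, so the workflow will fail validation instead of running. Removing the ref also gives up control over which revision of the action code runs with the job's token. Pin both to a full-length commit SHA, as the dependency-submission step was, and put the tag in a trailing comment: `- uses: actions/checkout@<full-commit-sha>  # <version-tag>` and `uses: actions/setup-java@<full-commit-sha>  # <version-tag>`. Both values are placeholders; take the real ones from each action's release page.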