From 767b8ad4986369176b310e26364131f0766a7075 Mon Sep 17 00:00:00 2001 From: utkrishtS Date: Thu, 30 Apr 2026 04:24:35 +0530 Subject: [PATCH 1/6] fix: configure Java 8 for SCA scan and remove standalone Snyk workflow --- .github/workflows/sca_scan.yml | 4 ++++ .github/workflows/snyk.yml | 40 ---------------------------------- 2 files changed, 4 insertions(+), 40 deletions(-) delete mode 100644 .github/workflows/snyk.yml diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml index 3cf3add..4e52649 100644 --- a/.github/workflows/sca_scan.yml +++ b/.github/workflows/sca_scan.yml @@ -1,6 +1,8 @@ name: SCA on: + push: + branches: ["master"] pull_request: branches: ["master"] workflow_dispatch: @@ -8,4 +10,6 @@ on: jobs: snyk-cli: uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main + with: + java-version: "8" secrets: inherit diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml deleted file mode 100644 index 0cdf000..0000000 --- a/.github/workflows/snyk.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Snyk - -on: - merge_group: - workflow_dispatch: - pull_request: - types: - - opened - - synchronize - push: - branches: - - master - schedule: - - cron: "30 0 1,15 * *" - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: ${{ github.ref != 'refs/heads/master' }} - -jobs: - check: - name: Check for Vulnerabilities - runs-on: ubuntu-latest - - steps: - - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' - run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. - - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha || github.ref }} - - - run: npm install snyk -g - - - run: snyk test - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} 
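Review bot: The `on:` block in this hunk has no `schedule:` trigger, while the `snyk.yml` deleted by the same commit ran `snyk test` on the cron `"30 0 1,15 * *"`, so advisories published against unchanged dependencies will only surface when someone opens a pull request or pushes. Adding `schedule:` with `- cron: "30 0 1,15 * *"` under `on:` would keep the periodic scan. PATCH 5/6 later removes the `push` trigger as well, which leaves `master` itself unscanned between pull requests. The deleted workflow's own comment says its job is a required check for branch protection, so the required-check list presumably needs updating to the new job name.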
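Review bot: The `snyk-cli` job in this hunk hands every repository secret (`secrets: inherit`) to a reusable workflow referenced by the mutable ref `@main`, and no `permissions:` block is visible in either hunk of this file, whereas the deleted `snyk.yml` set `permissions: contents: read`. Pinning the call to a full commit SHA, `uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@<full-commit-sha>`, means a change on that branch cannot alter what runs with these secrets without a reviewed bump here. A top-level `permissions:` with `contents: read` would cap the token the called workflow receives, assuming the scan needs nothing more (the called workflow is not visible here). The same tag-versus-SHA point applies to `actions/setup-java@v4` added in PATCH 2/6.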
From 434b6ff4cdd9e8fffbfe545b8ab91f1d12a961c9 Mon Sep 17 00:00:00 2001 From: utkrishtS Date: Thu, 30 Apr 2026 04:39:07 +0530 Subject: [PATCH 2/6] fix: use actions/setup-java to persist Java across CI steps --- .github/actions/setup/action.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 98e09c7..c3c163c 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -5,7 +5,7 @@ inputs: java: description: The Java version to use required: false - default: 8.0.382-tem + default: 11 gradle: description: The Gradle version to use required: false @@ -19,11 +19,14 @@ runs: using: composite steps: + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: ${{ inputs.java }} + - run: | curl -s "https://get.sdkman.io" | bash - source "/home/runner/.sdkman/bin/sdkman-init.sh" - sdk list java - sdk install java ${{ inputs.java }} && sdk default java ${{ inputs.java }} + source "$HOME/.sdkman/bin/sdkman-init.sh" sdk install gradle ${{ inputs.gradle }} && sdk default gradle ${{ inputs.gradle }} sdk install kotlin ${{ inputs.kotlin }} && sdk default kotlin ${{ inputs.kotlin }} shell: bash From fd2bba6b4321132611fc4e85d240b8d9c1d23faf Mon Sep 17 00:00:00 2001 From: utkrishtS Date: Thu, 30 Apr 2026 04:45:28 +0530 Subject: [PATCH 3/6] ix: add mavenCentral to repositories for JCenter dependency resolution --- build.gradle | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.gradle b/build.gradle index 3a20404..c06ab30 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,7 @@ buildscript { repositories { google() + mavenCentral() jcenter() } @@ -19,6 +20,7 @@ allprojects { repositories { google() + mavenCentral() jcenter() } } From 86f3019f6f2d61d0ec6bffd3936ffb19dbd94516 Mon Sep 17 00:00:00 2001 
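Review bot: The `java` input's accepted format changes with this default, from an SDKMAN identifier (`8.0.382-tem`) to a version string for `actions/setup-java`, but the description still reads only "The Java version to use". Any caller that still passes an SDKMAN-style value would now hand it to `actions/setup-java` in the step added further down; callers are not visible here, so this is worth a check. I would quote the default and say what is expected: `default: "11"` and `description: The Java version passed to actions/setup-java (Temurin distribution), e.g. "11"`.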
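Review bot: The rewritten `run` step still pastes `${{ inputs.gradle }}` and `${{ inputs.kotlin }}` straight into the shell script, so whatever a caller passes is expanded into the script text before bash parses it. Passing the inputs through `env:` and quoting the variables keeps them as data; whether any caller forwards untrusted values is not visible here. The unchanged `curl -s "https://get.sdkman.io" | bash` line also runs a downloaded installer with no integrity check, which is worth revisiting now that Java no longer comes from SDKMAN.

```yaml
- run: |
    # … unchanged: SDKMAN download and sdkman-init.sh sourcing …
    sdk install gradle "$GRADLE_VERSION" && sdk default gradle "$GRADLE_VERSION"
    sdk install kotlin "$KOTLIN_VERSION" && sdk default kotlin "$KOTLIN_VERSION"
  shell: bash
  env:
    GRADLE_VERSION: ${{ inputs.gradle }}
    KOTLIN_VERSION: ${{ inputs.kotlin }}
```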
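Review bot: `jcenter()` stays in the repository list after `mavenCentral()` in this `buildscript` hunk and in the `allprojects` hunk below, so any coordinate that Google and Maven Central do not serve is still resolved from JCenter. JCenter was sunset by JFrog and no longer receives new artifacts, which makes it a poor unrestricted fallback for dependency resolution. If some artifacts are still only there, scoping it with a content filter limits what it may supply, for example `jcenter { content { includeGroup '<group-still-needed>' } }`; otherwise dropping `jcenter()` is the cleaner end state. The `buildscript` block continues past its hunk and `allprojects` begins before its hunk.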
From: utkrishtS Date: Thu, 30 Apr 2026 04:51:43 +0530 Subject: [PATCH 4/6] fix: remove defunct bintray plugin that blocks dependency resolution --- build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/build.gradle b/build.gradle index c06ab30..1764108 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,6 @@ buildscript { dependencies { classpath 'com.android.tools.build:gradle:3.6.1' - classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.8.4' } } From e5c5b771def2361eb988618f3d61d3c4ac3c8563 Mon Sep 17 00:00:00 2001 From: utkrishtS Date: Thu, 30 Apr 2026 09:46:35 +0530 Subject: [PATCH 5/6] addessed review coment --- .github/workflows/sca_scan.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml index 4e52649..7564907 100644 --- a/.github/workflows/sca_scan.yml +++ b/.github/workflows/sca_scan.yml @@ -1,10 +1,7 @@ name: SCA on: - push: - branches: ["master"] pull_request: - branches: ["master"] workflow_dispatch: jobs: From 3725bd3c1dbf33f4a5b3d00af3fdcef9465df6a3 Mon Sep 17 00:00:00 2001 From: utkrishtS Date: Thu, 30 Apr 2026 10:51:30 +0530 Subject: [PATCH 6/6] making java-version consitence --- .github/workflows/sca_scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml index 7564907..1aeecee 100644 --- a/.github/workflows/sca_scan.yml +++ b/.github/workflows/sca_scan.yml @@ -8,5 +8,5 @@ jobs: snyk-cli: uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main with: - java-version: "8" + java-version: "11" secrets: inherit