From e1c627d4fa863f70b605b0a38502c5b39db8d5bb Mon Sep 17 00:00:00 2001 From: Davis Rollman Date: Mon, 6 Apr 2026 23:07:01 -0400 Subject: [PATCH 1/3] Update GitHub Actions and enable Dependabot --- .github/dependabot.yml | 10 +++ .github/workflows/bounty.yml | 2 +- .github/workflows/format.yml | 4 +- .github/workflows/main.yml | 66 +++++++++---------- .github/workflows/screenshot-test-comment.yml | 8 +-- 5 files changed, 50 insertions(+), 40 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3e4a382ed4..875b39fedd 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,13 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + commit-message: + prefix: "ci" + labels: + - "dependencies" + - "github-actions" diff --git a/.github/workflows/bounty.yml b/.github/workflows/bounty.yml index 99689a7d5d..bbd263fae6 100644 --- a/.github/workflows/bounty.yml +++ b/.github/workflows/bounty.yml @@ -14,7 +14,7 @@ jobs: if: startsWith(github.event.label.name, 'diff:') steps: - name: Comment bounty info - uses: actions/github-script@v7 + uses: actions/github-script@v8.0.0 env: FORUM_URL: "https://hub.jmonkeyengine.org/t/bounty-program-trial-starts-today/49394/" RESERVE_HOURS: "48" diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index 6ff2d099fa..dc4b7afee1 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -8,11 +8,11 @@ jobs: if: ${{ false }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6.0.2 with: fetch-depth: 0 - name: Prettify code - uses: creyD/prettier_action@v4.3 + uses: creyD/prettier_action@v4.6 with: prettier_options: --tab-width 4 --print-width 110 --write **/**/*.java prettier_version: "2.8.8" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0fcf2e3f35..55f48ada1f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -65,7 +65,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6.0.2 - name: Start xvfb run: | Xvfb :99 -ac -screen 0 1024x768x16 & @@ -81,12 +81,12 @@ jobs: echo "MESA_LOADER_DRIVER_OVERRIDE=$MESA_LOADER_DRIVER_OVERRIDE" echo "GALLIUM_DRIVER=$GALLIUM_DRIVER" - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v4 + uses: gradle/actions/wrapper-validation@v6.1.0 - name: Test with Gradle Wrapper run: | ./gradlew :jme3-screenshot-test:screenshotTest - name: Upload Test Reports - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 if: always() with: name: screenshot-test-report @@ -106,23 +106,23 @@ jobs: run: echo $JAVA_HOME --- $JAVA_HOME_8_X64 --- $JAVA_HOME_11_X64 --- $JAVA_HOME_17_X64 --- $JAVA_HOME_21_X64 --- - name: Setup the java environment - uses: actions/setup-java@v4 + uses: actions/setup-java@v5.2.0 with: distribution: 'temurin' java-version: '11.0.26+4' - name: Setup the XCode version to 15.1.0 - uses: maxim-lobanov/setup-xcode@v1 + uses: maxim-lobanov/setup-xcode@v1.7.0 with: xcode-version: '15.1.0' - name: Clone the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6.0.2 with: fetch-depth: 1 - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v4 + uses: gradle/actions/wrapper-validation@v6.1.0 - name: Build run: | @@ -130,7 +130,7 @@ jobs: :jme3-ios-native:build - name: Upload natives - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 with: name: ios-natives path: jme3-ios-native/template/META-INF/robovm/ios/libs/jme3-ios-native.xcframework @@ -144,12 +144,12 @@ jobs: steps: - name: Clone the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6.0.2 with: fetch-depth: 1 - name: Setup Java 11 - uses: actions/setup-java@v4 + uses: actions/setup-java@v5.2.0 with: distribution: temurin java-version: '11' @@ -164,7 +164,7 @@ jobs: cmake --version - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v4 + uses: gradle/actions/wrapper-validation@v6.1.0 - name: Build run: | @@ -173,7 +173,7 @@ jobs: :jme3-android-native:assemble - name: Upload natives - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 with: name: android-natives path: build/native @@ -205,30 +205,30 @@ jobs: steps: - name: Clone the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6.0.2 with: fetch-depth: 1 - name: Setup the java environment - uses: actions/setup-java@v4 + uses: actions/setup-java@v5.2.0 with: distribution: 'temurin' java-version: ${{ matrix.jdk }} - name: Download natives for android - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: android-natives path: build/native - name: Download natives for iOS - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: ios-natives path: jme3-ios-native/template/META-INF/robovm/ios/libs/jme3-ios-native.xcframework - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v4 + uses: gradle/actions/wrapper-validation@v6.1.0 - name: Build Engine shell: bash run: | @@ -275,7 +275,7 @@ jobs: # Used later by DeploySnapshot - name: Upload merged natives if: matrix.deploy==true - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 with: name: natives path: dist/jme3-natives.zip @@ -283,14 +283,14 @@ jobs: # Upload maven artifacts to be used later by the deploy job - name: Upload maven artifacts if: matrix.deploy==true - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 with: name: maven path: dist/maven - name: Upload javadoc if: matrix.deploy==true - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 with: name: javadoc path: dist/javadoc @@ -298,7 +298,7 @@ jobs: # Upload release archive to be used later by the deploy job - name: Upload release if: github.event_name == 'release' && matrix.deploy==true - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v6.0.0 with: name: release path: dist/release @@ -324,7 +324,7 @@ jobs: fi - name: Download merged natives - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: natives path: dist/ @@ -402,25 +402,25 @@ jobs: # We need to clone everything again for uploadToMaven.sh ... - name: Clone the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6.0.2 with: fetch-depth: 1 # Setup jdk 21 used for building Maven-style artifacts - name: Setup the java environment - uses: actions/setup-java@v4 + uses: actions/setup-java@v5.2.0 with: distribution: 'temurin' java-version: '21' - name: Download natives for android - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: android-natives path: build/native - name: Download natives for iOS - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: ios-natives path: jme3-ios-native/template/META-INF/robovm/ios/libs/jme3-ios-native.xcframework @@ -452,38 +452,38 @@ jobs: # We need to clone everything again for uploadToCentral.sh ... - name: Clone the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6.0.2 with: fetch-depth: 1 # Setup jdk 21 used for building Sonatype artifacts - name: Setup the java environment - uses: actions/setup-java@v4 + uses: actions/setup-java@v5.2.0 with: distribution: 'temurin' java-version: '21' # Download all the stuff... - name: Download maven artifacts - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: maven path: dist/maven - name: Download release - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: release path: dist/release - name: Download natives for android - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: android-natives path: build/native - name: Download natives for iOS - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: ios-natives path: jme3-ios-native/template/META-INF/robovm/ios/libs/jme3-ios-native.xcframework @@ -557,7 +557,7 @@ jobs: # Download the javadoc in the new directory "newdoc" - name: Download javadoc - uses: actions/download-artifact@master + uses: actions/download-artifact@v8.0.1 with: name: javadoc path: newdoc diff --git a/.github/workflows/screenshot-test-comment.yml b/.github/workflows/screenshot-test-comment.yml index 5b4ae992e9..f7297a5c90 100644 --- a/.github/workflows/screenshot-test-comment.yml +++ b/.github/workflows/screenshot-test-comment.yml @@ -24,7 +24,7 @@ jobs: run: sleep 120 - name: Wait for Screenshot Tests to complete - uses: lewagon/wait-on-check-action@v1.3.1 + uses: lewagon/wait-on-check-action@v1.6.1 with: ref: ${{ github.event.pull_request.head.sha }} check-name: 'Run Screenshot Tests' @@ -33,7 +33,7 @@ jobs: allowed-conclusions: success,skipped,failure - name: Check Screenshot Tests status id: check-status - uses: actions/github-script@v6 + uses: actions/github-script@v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -80,7 +80,7 @@ jobs: core.setOutput('failed', 'false'); } - name: Find Existing Comment - uses: peter-evans/find-comment@v3 + uses: peter-evans/find-comment@v4.0.0 id: existingCommentId with: issue-number: ${{ github.event.pull_request.number }} @@ -89,7 +89,7 @@ jobs: - name: Comment on PR if tests fail if: steps.check-status.outputs.failed == 'true' - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@v5.0.0 with: issue-number: ${{ github.event.pull_request.number }} body: | From dd227831d2045f93efdf83c7a6371fdddc0176c7 Mon Sep 17 00:00:00 2001 From: Riccardo Balbo Date: Tue, 7 Apr 2026 10:22:10 +0200 Subject: [PATCH 2/3] downgrade some actions --- .github/workflows/main.yml | 10 +++++----- .github/workflows/screenshot-test-comment.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 55f48ada1f..07e88a8363 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -81,7 +81,7 @@ jobs: echo "MESA_LOADER_DRIVER_OVERRIDE=$MESA_LOADER_DRIVER_OVERRIDE" echo "GALLIUM_DRIVER=$GALLIUM_DRIVER" - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v6.1.0 + uses: gradle/actions/wrapper-validation@v5.0.2 - name: Test with Gradle Wrapper run: | ./gradlew :jme3-screenshot-test:screenshotTest @@ -112,7 +112,7 @@ jobs: java-version: '11.0.26+4' - name: Setup the XCode version to 15.1.0 - uses: maxim-lobanov/setup-xcode@v1.7.0 + uses: maxim-lobanov/setup-xcode@v1.6.0 with: xcode-version: '15.1.0' @@ -122,7 +122,7 @@ jobs: fetch-depth: 1 - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v6.1.0 + uses: gradle/actions/wrapper-validation@v5.0.2 - name: Build run: | @@ -164,7 +164,7 @@ jobs: cmake --version - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v6.1.0 + uses: gradle/actions/wrapper-validation@v5.0.2 - name: Build run: | @@ -228,7 +228,7 @@ jobs: path: jme3-ios-native/template/META-INF/robovm/ios/libs/jme3-ios-native.xcframework - name: Validate the Gradle wrapper - uses: gradle/actions/wrapper-validation@v6.1.0 + uses: gradle/actions/wrapper-validation@v5.0.2 - name: Build Engine shell: bash run: | diff --git a/.github/workflows/screenshot-test-comment.yml b/.github/workflows/screenshot-test-comment.yml index f7297a5c90..33098af46d 100644 --- a/.github/workflows/screenshot-test-comment.yml +++ b/.github/workflows/screenshot-test-comment.yml @@ -24,7 +24,7 @@ jobs: run: sleep 120 - name: Wait for Screenshot Tests to complete - uses: lewagon/wait-on-check-action@v1.6.1 + uses: lewagon/wait-on-check-action@v1.4.1 with: ref: ${{ github.event.pull_request.head.sha }} check-name: 'Run Screenshot Tests' From fea466aa8fcdaca846ec1c41a4a8dd3ba9564547 Mon Sep 17 00:00:00 2001 From: Riccardo Balbo Date: Tue, 7 Apr 2026 10:24:56 +0200 Subject: [PATCH 3/3] add cooldown to dependabot --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 875b39fedd..f19ae4de01 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,10 +9,14 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + cooldown: + default-days: 30 - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" + cooldown: + default-days: 30 open-pull-requests-limit: 5 commit-message: prefix: "ci"