Update dependency com.fasterxml.jackson:jackson-bom to v2.21.3 (#500) #1772

Workflow file for this run

	name: Selcukes CI

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	permissions:
	contents: read
	packages: read
	security-events: write

	jobs:
	build:
	name: Build
	runs-on: ${{ matrix.os }}
	timeout-minutes: 30
	strategy:
	matrix:
	os: [ ubuntu-latest ]
	java: [ 17, 21 ]

	steps:
	# actions/checkout latest v6 → v6.0.1
	- name: Checkout repository
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	# Secrets passed as env vars — never expanded inline in run block
	- name: Mask secrets
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
	BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
	run: \|
	echo "::add-mask::$SONAR_TOKEN"
	echo "::add-mask::$BROWSERSTACK_USERNAME"
	echo "::add-mask::$BROWSERSTACK_ACCESS_KEY"

	# actions/setup-java latest v5 → v5.1.0
	# Auto-generates ~/.m2/settings.xml — no settings.xml needed in repo
	- name: Set up JDK ${{ matrix.java }}
	uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
	with:
	distribution: 'corretto'
	java-version: ${{ matrix.java }}
	server-id: browserstack
	server-username: BROWSERSTACK_USERNAME
	server-password: BROWSERSTACK_ACCESS_KEY

	# HTTPS strictly enforced via --proto and --tlsv1.2 on curl
	# GPG fingerprint verified before trusting the key
	# apt-transport-https ensures apt uses HTTPS — prevents HTTP redirects
	# signed-by= pins the repo to the verified Microsoft key specifically
	- name: Install Edge on Linux
	if: matrix.os == 'ubuntu-latest'
	run: \|
	curl -fsSL --proto '=https' --tlsv1.2 \
	https://packages.microsoft.com/keys/microsoft.asc -o microsoft.asc

	FINGERPRINT=$(gpg --with-colons --import-options show-only --import microsoft.asc \
	\| awk -F: '/^fpr/ { print $10; exit }')
	EXPECTED="BC528686B50D79E339D3721CEB3E94ADBE1229CF"
	if [ "$FINGERPRINT" != "$EXPECTED" ]; then
	echo "ERROR: GPG key fingerprint mismatch! Got $FINGERPRINT, expected $EXPECTED"
	rm -f microsoft.asc
	exit 1
	fi

	gpg --dearmor < microsoft.asc > microsoft.gpg
	sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg
	rm -f microsoft.asc microsoft.gpg

	# Enforce HTTPS transport for apt — prevents redirect to insecure HTTP
	sudo apt-get install -y apt-transport-https

	# signed-by= ties this repo to the verified Microsoft key only
	echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main" \
	\| sudo tee /etc/apt/sources.list.d/microsoft-edge.list > /dev/null

	sudo apt-get update -q && sudo apt-get install -y microsoft-edge-beta

	- name: Cache SonarCloud packages
	uses: actions/cache@v5
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Cache Maven packages
	uses: actions/cache@v5
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	# Secrets injected as env vars — Maven reads via setup-java auto-generated settings.xml
	- name: Build and analyze
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
	BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
	run: \|
	mvn -B \
	-DtrimStackTrace=true \
	-q verify \
	org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
	-Dsonar.projectKey=selcukes_selcukes-java

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency com.fasterxml.jackson:jackson-bom to v2.21.3 (#500) #1772

Workflow file

Update dependency com.fasterxml.jackson:jackson-bom to v2.21.3 (#500) #1772

Uh oh!

Workflow file for this run