From e9bf51c715838c95e7bf577c9ae15c876a2c35a4 Mon Sep 17 00:00:00 2001
From: micronaut-build <micronaut-build-account@grails.org>
Date: Thu, 9 Jan 2025 05:20:23 +0000
Subject: [PATCH] Update common files

---
 .github/renovate.json         | 22 +++++++++++++++-------
 .github/workflows/gradle.yml  |  7 +++++++
 .github/workflows/release.yml |  2 +-
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index 09c2a598..99eeec10 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,24 +1,32 @@
 {
   "extends": [
-    "config:base"
+    "config:recommended"
+  ],
+  "addLabels": [
+    "type: dependency-upgrade"
   ],
-  "addLabels": ["type: dependency-upgrade"],
   "schedule": [
-    "after 10pm every day"
+    "after 10pm"
   ],
   "prHourlyLimit": 1,
   "prConcurrentLimit": 20,
   "timezone": "Europe/Prague",
   "packageRules": [
     {
-      "matchPackagePatterns": ["actions.*"],
       "dependencyDashboardApproval": true,
-      "matchUpdateTypes": ["patch"],
+      "matchUpdateTypes": [
+        "patch"
+      ],
       "matchCurrentVersion": "!/^0/",
-      "automerge": true
+      "automerge": true,
+      "matchPackageNames": [
+        "/actions.*/"
+      ]
     },
     {
-      "matchUpdateTypes": ["patch"],
+      "matchUpdateTypes": [
+        "patch"
+      ],
       "matchCurrentVersion": "!/^0/",
       "automerge": true
     }
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 571e79a2..aab934a7 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -30,6 +30,8 @@ jobs:
       PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
+      OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}      
     steps:
        # https://github.com/actions/virtual-environments/issues/709
       - name: "🗑 Free disk space"
@@ -58,6 +60,11 @@ jobs:
         run: |
           [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
 
+      - name: "🚔 Sonatype Scan"
+        id: sonatypescan
+        run: |
+          ./gradlew ossIndexAudit --no-parallel
+
       - name: "🛠 Build with Gradle"
         id: gradle
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2762f3e2..d760186c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -160,6 +160,6 @@ jobs:
       - name: Upload assets
         # Upload the artifacts to the existing release. Note that the SLSA provenance will
         # attest to each artifact file and not the aggregated ZIP file.
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
+        uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
         with:
           files: artifacts.zip