Skip to content

Bump actions/setup-java from 3 to 5 #1303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump actions/setup-java from 3 to 5 #1303

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 25, 2025

Bumps actions/setup-java from 3 to 5.

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Bug Fixes

New Contributors

Full Changelog: actions/setup-java@v4...v5.0.0

v4.7.1

What's Changed

Documentation changes

Dependency updates:

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump actions/setup-java from 3 to 5
cc6e02b 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 5.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v3...v5)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Aug 25, 2025
@matter-code-review Matter Code Review
Copy link
Contributor

Code Quality maintainability security

Reference

SDK-XXX -- N/A

Description

Summary By MatterAI MatterAI logo

🔄 What Changed

This pull request updates the actions/setup-java GitHub Action to its latest major version, v5. Specifically, it bumps actions/setup-java@v4 to v5 in .github/workflows/gptdriverautomation.yaml and actions/setup-java@v3 to v5 in .github/workflows/unit-and-instrumented-tests-action.yml. This ensures that the workflows leverage the most recent features, bug fixes, and security enhancements provided by the action.

🔍 Impact of the Change

The update to actions/setup-java@v5 enhances the reliability and security of the CI/CD pipelines. It ensures that Java environments for SDK and application builds, as well as unit and instrumented tests, are set up using the most current and supported version of the action. This reduces technical debt and aligns with best practices for dependency management in GitHub Actions.

📁 Total Files Changed

  • .github/workflows/gptdriverautomation.yaml: Updated actions/setup-java from v4 to v5 for SDK and App builds.
  • .github/workflows/unit-and-instrumented-tests-action.yml: Updated actions/setup-java from v3 to v5 across multiple Java setup steps for various test jobs.

🧪 Test Added

N/A

🔒Security Vulnerabilities

This update likely mitigates potential security vulnerabilities present in older versions of the setup-java action by incorporating the latest security patches and improvements available in v5. No new vulnerabilities are introduced by this change.

Testing Instructions

N/A

Risk Assessment [LOW]

This change involves a minor version bump of a widely used GitHub Action, posing a low risk. The primary impact is improved stability and security of the CI/CD workflows.

  • I, the PR creator, have tested — integration, unit, or otherwise — this code.

Reviewer Checklist (To be checked off by the reviewer only)

  • JIRA Ticket is referenced in PR title.
  • Correctness & Style
    • Conforms to AOSP Style Guides
    • Mission critical pieces are documented in code and out of code as needed.
  • Unit Tests reviewed and test issue sufficiently.
  • Functionality was reviewed in QA independently by another engineer on the team.

cc @BranchMetrics/saas-sdk-devs for visibility.

Tip

Quality Recommendations

  1. Consider implementing Dependabot or similar tools to automate future GitHub Actions dependency updates, ensuring workflows remain current with security patches and new features.

Tanka Poem ♫

Old actions updated,
New Java flows with fresh might,
Workflows now secure.
Builds run swift, no more delay,
Science thrives with latest tools. ✨

Sequence Diagram

sequenceDiagram
    participant GH_Runner as GitHub Runner
    participant WorkflowJob as Workflow Job
    participant SetupJavaV5 as actions/setup-java@v5

    GH_Runner->>WorkflowJob: Start Job Execution
    WorkflowJob->>SetupJavaV5: Call setup-java action (v5)
    Note over SetupJavaV5: with: distribution: 'temurin', java-version: '17'
    SetupJavaV5-->>WorkflowJob: JDK 17 configured
    WorkflowJob->>GH_Runner: Continue with build/test steps
Loading

@matter-code-review Matter Code Review
Copy link
Contributor

Important

PR Review Skipped

PR review skipped as per the configuration setting. Run a manually review by commenting /matter review

💡Tips to use Matter AI

Command List

  • /matter summary: Generate AI Summary for the PR
  • /matter review: Generate AI Reviews for the latest commit in the PR
  • /matter review-full: Generate AI Reviews for the complete PR
  • /matter release-notes: Generate AI release-notes for the PR
  • /matter : Chat with your PR with Matter AI Agent
  • /matter remember : Generate AI memories for the PR
  • /matter explain: Get an explanation of the PR
  • /matter help: Show the list of available commands and documentation
  • Need help? Join our Discord server: https://discord.gg/fJU5DvanU3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants