Merge remote-tracking branch 'origin/develop' into 16004-prevent-cert…

…ain-checks-from-running-on-forked-prs

.github/workflows/config/node-release.yaml

@@ -1,11 +1,11 @@
 release:
   branching:
     execution:
-      time: "17:00:00"
+      time: "21:00:00"
     schedule:
-      - on: "2024-09-30"
-        name: release/0.55
+      - on: "2024-10-25"
+        name: release/0.56
         initial-tag:
-          create: false
-          name: v0.55.0-alpha.2
+          create: true
+          name: v0.56.0
 

.github/workflows/flow-artifact-determinism.yaml

@@ -32,7 +32,7 @@ on:
         description: "Java JDK Version:"
         type: string
         required: false
-        default: "21"
+        default: "21.0.4"
   push:
     branches:
       - develop
@@ -55,7 +55,7 @@ jobs:
     with:
       ref: ${{ github.event.inputs.ref || '' }}
       java-distribution: ${{ inputs.java-distribution || 'temurin' }}
-      java-version: ${{ inputs.java-version || '21' }}
+      java-version: ${{ inputs.java-version || '21.0.4' }}
     secrets:
       gradle-cache-username: ${{ secrets.GRADLE_CACHE_USERNAME }}
       gradle-cache-password: ${{ secrets.GRADLE_CACHE_PASSWORD }}
@@ -66,7 +66,7 @@ jobs:
     with:
       ref: ${{ github.event.inputs.ref || '' }}
       java-distribution: ${{ inputs.java-distribution || 'temurin' }}
-      java-version: ${{ inputs.java-version || '21' }}
+      java-version: ${{ inputs.java-version || '21.0.4' }}
     secrets:
       gradle-cache-username: ${{ secrets.GRADLE_CACHE_USERNAME }}
       gradle-cache-password: ${{ secrets.GRADLE_CACHE_PASSWORD }}

.github/workflows/flow-node-performance-tests.yaml

@@ -53,10 +53,10 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Code
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
+        uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
         with:
           workload_identity_provider: "projects/235822363393/locations/global/workloadIdentityPools/hedera-builds-pool/providers/hedera-builds-gh-actions"
           service_account: "[email protected]"

.github/workflows/flow-pull-request-formatting.yaml

@@ -52,7 +52,7 @@ jobs:
           egress-policy: audit
 
       - name: Check PR Title
-        uses: step-security/conventional-pr-title-action@0eae74515f5a79f8773fa04142dd746df76666ac # v1.0.0
+        uses: step-security/conventional-pr-title-action@19fb561b33015fd2184055a05ce5a3bcf2ba3f54 # v3.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/node-flow-build-application.yaml

@@ -42,7 +42,7 @@ on:
         description: "Java JDK Version:"
         type: string
         required: false
-        default: "21"
+        default: "21.0.4"
       java-distribution:
         description: "Java JDK Distribution:"
         type: string
@@ -63,7 +63,7 @@ jobs:
     name: Code
     uses: ./.github/workflows/node-zxc-compile-application-code.yaml
     with:
-      java-version: ${{ github.event.inputs.java-version || '21' }}
+      java-version: ${{ github.event.inputs.java-version || '21.0.4' }}
       java-distribution: ${{ github.event.inputs.java-distribution || 'temurin' }}
       enable-unit-tests: ${{ github.event_name == 'push' || github.event.inputs.enable-unit-tests == 'true' }}
       enable-hapi-tests-misc: ${{ github.event.inputs.enable-hapi-tests == 'true' }}
@@ -83,3 +83,24 @@ jobs:
       gradle-cache-username: ${{ secrets.GRADLE_CACHE_USERNAME }}
       gradle-cache-password: ${{ secrets.GRADLE_CACHE_PASSWORD }}
       codecov-token: ${{ secrets.CODECOV_TOKEN }}
+
+  deploy-ci-trigger:
+    name: Trigger CI Flows
+    runs-on: network-node-linux-medium
+    needs: code
+    if: ${{ needs.code.result == 'success' }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        with:
+          egress-policy: audit
+
+      - name: Trigger ZXF Deploy Production Release
+        uses: step-security/workflow-dispatch@4d1049025980f72b1327cbfdeecb07fe7a20f577 # v1.2.4
+        with:
+          workflow: .github/workflows/node-flow-deploy-release-artifact.yaml
+          repo: hashgraph/hedera-services # ensure we are executing in the hashgraph org
+          ref: develop # ensure we are always using the workflow definition from the develop branch
+          token: ${{ secrets.GH_ACCESS_TOKEN }}
+          inputs: '{ "ref": "${{ github.ref }}" }'
+          #inputs: '{ "event": "${{ toJSON(github.event) }}", "ref": "${{ github.ref }}" }'

.github/workflows/node-flow-deploy-adhoc-artifact.yaml

@@ -27,7 +27,7 @@ on:
         description: "Java JDK Version:"
         type: string
         required: false
-        default: "21"
+        default: "21.0.4"
       java-distribution:
         description: "Java JDK Distribution:"
         type: string
@@ -53,7 +53,7 @@ jobs:
       trigger-env-deploy: none
       release-profile: AdhocCommit
       dry-run-enabled: ${{ github.event.inputs.dry-run-enabled == 'true' }}
-      java-version: ${{ github.event.inputs.java-version || '21' }}
+      java-version: ${{ github.event.inputs.java-version || '21.0.4' }}
       java-distribution: ${{ github.event.inputs.java-distribution || 'temurin' }}
       gradle-version: ${{ github.event.inputs.gradle-version || 'wrapper' }}
 

.github/workflows/node-flow-deploy-release-artifact.yaml

@@ -19,14 +19,14 @@ on:
   push:
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+-?*"
-  workflow_run:
-    workflows:
-      - "Node: Build Application"
-    branches:
-      - develop
-    types:
-      - completed
-
+  workflow_dispatch:
+    inputs:
+      ref:
+        required: true
+        description: "The github ref that triggered the workflow"
+#      event:
+#        required: true
+#        description: "The github event of the triggering workflow"
 
 defaults:
   run:
@@ -103,7 +103,7 @@ jobs:
   release-branch:
     name: Release [Branch]
     uses: ./.github/workflows/node-zxc-build-release-artifact.yaml
-    if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'}}
+    if: ${{ github.event_name == 'workflow_dispatch' }}
     with:
       version-policy: branch-commit
       trigger-env-deploy: integration
@@ -125,3 +125,41 @@ jobs:
       jf-docker-registry: ${{ vars.JF_DOCKER_REGISTRY }}
       jf-user-name: ${{ vars.JF_USER_NAME }}
       jf-access-token: ${{ secrets.JF_ACCESS_TOKEN }}
+
+  deploy-ci-trigger:
+    name: Trigger CI Flows
+    runs-on: network-node-linux-medium
+    needs:
+      - release-branch
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: '0'
+          ref: develop
+          token: ${{ secrets.GH_ACCESS_TOKEN }}
+
+      - name: Trigger ZXF Prepare Extended Test Suite
+        if: ${{ needs.release-branch.result == 'success' }}
+        uses: step-security/workflow-dispatch@4d1049025980f72b1327cbfdeecb07fe7a20f577 # v1.2.4
+        with:
+          workflow: .github/workflows/zxf-prepare-extended-test-suite.yaml
+          repo: hashgraph/hedera-services # ensure we are executing in the hashgraph org
+          ref: develop # ensure we are always using the workflow definition from the develop branch
+          token: ${{ secrets.GH_ACCESS_TOKEN }}
+          inputs: '{ "ref": "${{ inputs.ref }}" }'
+
+#      - name: Trigger ZXF Deploy Integration
+#        if: ${{ needs.release-branch.result == 'success' }}
+#        uses: step-security/workflow-dispatch@4d1049025980f72b1327cbfdeecb07fe7a20f577 # v1.2.4
+#        with:
+#          workflow: .github/workflows/node-zxf-deploy-integration.yaml
+#          repo: hashgraph/hedera-services # ensure we are executing in the hashgraph org
+#          ref: develop # ensure we are always using the workflow definition from the develop branch
+#          token: ${{ secrets.GH_ACCESS_TOKEN }}
+#          inputs: '{ "event": "${{ inputs.event }}" }'

.github/workflows/node-flow-fsts-custom-regression.yaml

@@ -37,7 +37,7 @@ on:
         description: "Java JDK Version:"
         type: string
         required: false
-        default: "21"
+        default: "21.0.4"
       java-distribution:
         description: "Java JDK Distribution:"
         type: string
@@ -67,7 +67,7 @@ jobs:
       branch-name: ${{ github.ref_name }}
       slack-results-channel: ${{ github.event.inputs.slack-results-channel }}
       slack-summary-channel: ${{ github.event.inputs.slack-summary-channel }}
-      java-version: ${{ github.event.inputs.java-version || '21' }}
+      java-version: ${{ github.event.inputs.java-version || '21.0.4' }}
       java-distribution: ${{ github.event.inputs.java-distribution || 'temurin' }}
       gradle-version: ${{ github.event.inputs.gradle-version || 'wrapper' }}
       use-branch-for-slack-channel: false

.github/workflows/node-flow-pull-request-checks.yaml

@@ -300,7 +300,7 @@ jobs:
     with:
       ref: ${{ github.event.inputs.ref || '' }}
       java-distribution: temurin
-      java-version: 21
+      java-version: 21.0.4
     secrets:
       gradle-cache-username: ${{ secrets.GRADLE_CACHE_USERNAME }}
       gradle-cache-password: ${{ secrets.GRADLE_CACHE_PASSWORD }}
@@ -316,7 +316,7 @@ jobs:
     with:
       ref: ${{ github.event.inputs.ref || '' }}
       java-distribution: temurin
-      java-version: 21
+      java-version: 21.0.4
     secrets:
       gradle-cache-username: ${{ secrets.GRADLE_CACHE_USERNAME }}
       gradle-cache-password: ${{ secrets.GRADLE_CACHE_PASSWORD }}