From 888793b1edbdce4080566e0559ef5a8097798346 Mon Sep 17 00:00:00 2001
From: Ivar Derksen
Date: Tue, 19 Mar 2024 14:35:10 +0100
Subject: [PATCH 1/2] CI/CD: ensure Gradle deps are available to dependabot
---
 .github/workflows/status-checks.yml | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/status-checks.yml b/.github/workflows/status-checks.yml
index 0e3c394..bef5d00 100644
--- a/.github/workflows/status-checks.yml
+++ b/.github/workflows/status-checks.yml
@@ -19,9 +19,9 @@ jobs:
 lang: [ en, nl ]
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- - uses: actions/setup-node@v3
+ - uses: actions/setup-node@v4
 with:
 node-version: '18'
 cache: yarn
@@ -43,7 +43,7 @@ jobs:
 build-war:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: actions/setup-java@v2
 with:
@@ -57,7 +57,7 @@ jobs:
 - name: Build
 run: ./gradlew build
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@v4
 with:
 name: war
 path: build/libs/irma_email_issuer.war
@@ -70,7 +70,7 @@ jobs:
 contents: read
 security-events: write
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: actions/setup-java@v2
 with:
@@ -79,15 +79,24 @@ jobs:
 cache: gradle
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: java
 queries: security-and-quality
 - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
 with:
 category: "/language:java"
+
+ dependency-submission:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4
+ - name: Generate and submit dependency graph
+ uses: gradle/actions/dependency-submission@v3
+
From 97da6cbee36f52266c63dd39b969f7846874a07c Mon Sep 17 00:00:00 2001
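Review bot: The new `dependency-submission` job at the end of the last hunk pulls `gradle/actions/dependency-submission@v3` by a movable major tag, and that step runs Gradle against the checked-out sources to resolve the graph. Pinning it to a full commit SHA, e.g. `uses: gradle/actions/dependency-submission@<full-commit-sha> # v3`, means a moved tag cannot change what executes in this job. The job also has no `actions/setup-java` step, unlike `build-war` and the CodeQL job, so the graph is presumably resolved with the runner's default JDK. Adding the same `setup-java` step those jobs use, before the submission step, would keep the submitted dependencies aligned with the real build.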
From: Ivar Derksen
Date: Tue, 19 Mar 2024 14:37:44 +0100
Subject: [PATCH 2/2] CI/CD: add missing contents permissions to dependency-submission job
---
 .github/workflows/status-checks.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/status-checks.yml b/.github/workflows/status-checks.yml
index bef5d00..9cfd9dc 100644
--- a/.github/workflows/status-checks.yml
+++ b/.github/workflows/status-checks.yml
@@ -94,6 +94,8 @@ jobs:
 dependency-submission:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
 steps:
 - name: Checkout sources
 uses: actions/checkout@v4
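Review bot: The `contents: write` grant carries no comment saying why this job needs it, and it is the only write scope on repository contents in the visible hunks. A one-line comment above `permissions:`, such as `# contents: write is required to submit the dependency graph`, would keep a later edit from widening it or copying it to other jobs. Because the job's remaining steps (outside this hunk) run Gradle on the checked-out sources while this token is in scope, it is worth confirming which events can reach the job; the workflow's `on:` triggers are not visible here.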