Merge remote-tracking branch 'origin' into feature/v2/pagemanager-improvements

.github/workflows/PR-Demo-Comment-with-react.yml

@@ -34,8 +34,6 @@ jobs:
       )
     outputs:
       pr_number: ${{ steps.get-pr.outputs.pr_number }}
-      pr_repository: ${{ steps.get-pr-info.outputs.repository }}
-      pr_ref: ${{ steps.get-pr-info.outputs.ref }}
       comment_id: ${{ github.event.comment.id }}
       disable_security: ${{ steps.check-security-flag.outputs.disable_security }}
       enable_pro: ${{ steps.check-pro-flag.outputs.enable_pro }}
@@ -67,29 +65,6 @@ jobs:
             console.log(`PR Number: ${prNumber}`);
             core.setOutput('pr_number', prNumber);
 
-      - name: Get PR repository and ref
-        id: get-pr-info
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const prNumber = context.payload.issue.number;
-
-            const { data: pr } = await github.rest.pulls.get({
-              owner,
-              repo,
-              pull_number: prNumber,
-            });
-
-            // For forks, use the full repository name, for internal PRs use the current repo
-            const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`;
-
-            console.log(`PR Repository: ${repository}`);
-            console.log(`PR Branch: ${pr.head.ref}`);
-
-            core.setOutput('repository', repository);
-            core.setOutput('ref', pr.head.ref);
-
       - name: Check for security/login flag
         id: check-security-flag
         env:
@@ -172,8 +147,7 @@ jobs:
       - name: Checkout PR
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
-          repository: ${{ needs.check-comment.outputs.pr_repository }}
-          ref: ${{ needs.check-comment.outputs.pr_ref }}
+          ref: refs/pull/${{ needs.check-comment.outputs.pr_number }}/merge
           token: ${{ steps.setup-bot.outputs.token }}
 
       - name: Set up JDK

.github/workflows/build.yml

@@ -31,7 +31,7 @@ jobs:
       project: ${{ steps.changes.outputs.project }}
       openapi: ${{ steps.changes.outputs.openapi }}
     steps:
-      - uses: actions/checkout@v4.3.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Check for file changes
         uses: dorny/paths-filter@v3.0.2
@@ -55,7 +55,7 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout repository
-        uses: actions/checkout@v4.3.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK ${{ matrix.jdk-version }}
         uses: actions/setup-java@v4.7.1
@@ -63,7 +63,7 @@ jobs:
           java-version: ${{ matrix.jdk-version }}
           distribution: "temurin"
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4.4.2
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
         with:
           gradle-version: 8.14
       - name: Build with Gradle and spring security ${{ matrix.spring-security }}
@@ -111,14 +111,17 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@v4.3.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Set up JDK 17
         uses: actions/setup-java@v4.7.1
         with:
           java-version: "17"
           distribution: "temurin"
-      - uses: gradle/actions/setup-gradle@v4.4.2
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+
       - name: Generate OpenAPI documentation
         run: ./gradlew :stirling-pdf:generateOpenApiDocs
         env:
@@ -168,15 +171,21 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout repository
-        uses: actions/checkout@v4.3.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
       - name: Set up JDK 17
         uses: actions/setup-java@v4.7.1
         with:
           java-version: "17"
           distribution: "temurin"
-      - name: check the licenses for compatibility
+
+      - name: Check licenses for compatibility
         run: ./gradlew clean checkLicense
-      - name: FAILED - check the licenses for compatibility
+        env:
+          DISABLE_ADDITIONAL_FEATURES: false
+          STIRLING_PDF_DESKTOP_UI: true
+
+      - name: FAILED - Check licenses for compatibility
         if: failure()
         uses: actions/upload-artifact@v4.6.2
         with:

.github/workflows/dependency-review.yml

@@ -24,4 +24,4 @@ jobs:
       - name: "Checkout Repository"
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
+        uses: actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 # v4.7.2

.github/workflows/licenses-update.yml

@@ -58,6 +58,9 @@ jobs:
 
       - name: Check licenses for compatibility
         run: ./gradlew clean checkLicense
+        env:
+          DISABLE_ADDITIONAL_FEATURES: false
+          STIRLING_PDF_DESKTOP_UI: true
 
       - name: Upload artifact on failure
         if: failure()

.github/workflows/scorecards.yml

@@ -74,6 +74,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
         with:
           sarif_file: results.sarif