From 5f1aaf1a9c5ecb883af7745c798a4744ec2e707b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Silva?= <goncalo@doist.com>
Date: Wed, 29 Jan 2025 15:20:38 +0000
Subject: [PATCH 1/3] Update github/codeql-action/upload-sarif to v3

---
 .github/workflows/analyze-detekt.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/analyze-detekt.yml b/.github/workflows/analyze-detekt.yml
index 72ee5d0..839dfec 100644
--- a/.github/workflows/analyze-detekt.yml
+++ b/.github/workflows/analyze-detekt.yml
@@ -32,7 +32,7 @@ jobs:
           --input ${{ github.workspace }} \
           --report sarif:${{ github.workspace }}/detekt.sarif.json
     - name: Upload results
-      uses: github/codeql-action/upload-sarif@v1
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: ${{ github.workspace }}/detekt.sarif.json
         checkout_path: ${{ github.workspace }}

From ddea3beb7fca3455136159f68cb99da2fe3f97ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Silva?= <goncalo@doist.com>
Date: Wed, 29 Jan 2025 15:28:51 +0000
Subject: [PATCH 2/3] Update detekt to v1.23.7

---
 .github/workflows/analyze-detekt.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/analyze-detekt.yml b/.github/workflows/analyze-detekt.yml
index 839dfec..3b7dabb 100644
--- a/.github/workflows/analyze-detekt.yml
+++ b/.github/workflows/analyze-detekt.yml
@@ -20,7 +20,7 @@ jobs:
       run: |
         JARFILE="$(mktemp -d)/detekt.jar"
         curl --request GET \
-          --url https://github.com/detekt/detekt/releases/download/v1.17.1/detekt-cli-1.17.1-all.jar \
+          --url https://github.com/detekt/detekt/releases/download/v1.23.7/detekt-cli-1.23.7-all.jar \
           --silent \
           --location \
           --output $JARFILE

From ddd48ec14b77a07c7c3155fd598054aa044fd9b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Silva?= <goncalo@doist.com>
Date: Wed, 29 Jan 2025 15:51:45 +0000
Subject: [PATCH 3/3] Avoid "No usable sandbox" error on Ubuntu

---
 .github/workflows/test-publish.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/test-publish.yml b/.github/workflows/test-publish.yml
index 5e87e1d..0e18085 100644
--- a/.github/workflows/test-publish.yml
+++ b/.github/workflows/test-publish.yml
@@ -32,6 +32,11 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y libunistring-dev libc6-dev-i386
         if: runner.os == 'Linux'
+      - run: |
+          # Avoid "No usable sandbox" errors on Ubuntu, based on the instructions found here:
+          # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+          echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
+        if: runner.os == 'Linux'
       - run: ./gradlew assemble check
         env:
           ORG_GRADLE_PROJECT_targets: ${{ matrix.targets }}