From b12c3a65f2a58dc660d23433faca5cf97f741663 Mon Sep 17 00:00:00 2001 From: daz Date: Thu, 14 Nov 2024 12:35:29 -0700 Subject: [PATCH] Pin version of 3rd party actions --- .github/actions/build-dist/action.yml | 2 +- .github/actions/init-integ-test/action.yml | 2 +- .github/workflows/ci-check-no-dist-update.yml | 2 +- .github/workflows/ci-codeql.yml | 4 ++-- .github/workflows/ci-update-dist.yml | 2 +- .github/workflows/integ-test-build-scan-publish.yml | 2 +- .github/workflows/integ-test-caching-config.yml | 4 ++-- .github/workflows/integ-test-inject-develocity.yml | 6 +++--- .github/workflows/integ-test-provision-gradle-versions.yml | 6 +++--- .github/workflows/update-checksums-file.yml | 2 +- 10 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/actions/build-dist/action.yml b/.github/actions/build-dist/action.yml index d9b71e6..8dddc6e 100644 --- a/.github/actions/build-dist/action.yml +++ b/.github/actions/build-dist/action.yml @@ -23,7 +23,7 @@ runs: cp -r sources/dist . - name: Upload distribution - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: dist path: dist/ diff --git a/.github/actions/init-integ-test/action.yml b/.github/actions/init-integ-test/action.yml index dc309a5..0e7c21c 100644 --- a/.github/actions/init-integ-test/action.yml +++ b/.github/actions/init-integ-test/action.yml @@ -17,7 +17,7 @@ runs: # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step - name: Download dist if: ${{ env.SKIP_DIST != 'true' && !env.ACT }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: dist path: dist/ diff --git a/.github/workflows/ci-check-no-dist-update.yml b/.github/workflows/ci-check-no-dist-update.yml index a7048d4..93f3a45 100644 --- a/.github/workflows/ci-check-no-dist-update.yml +++ b/.github/workflows/ci-check-no-dist-update.yml @@ -21,7 +21,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4 with: files: | dist/** diff --git a/.github/workflows/ci-codeql.yml b/.github/workflows/ci-codeql.yml index f810429..a8ea4dd 100644 --- a/.github/workflows/ci-codeql.yml +++ b/.github/workflows/ci-codeql.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: ${{ matrix.language }} config: | @@ -47,4 +47,4 @@ jobs: - sources/src - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 diff --git a/.github/workflows/ci-update-dist.yml b/.github/workflows/ci-update-dist.yml index c8db2a3..c121c20 100644 --- a/.github/workflows/ci-update-dist.yml +++ b/.github/workflows/ci-update-dist.yml @@ -48,7 +48,7 @@ jobs: # Important: The push event will not trigger any other workflows, see # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs - name: Commit & push changes - uses: stefanzweifel/git-auto-commit-action@v5 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_message: '[bot] Update dist directory' file_pattern: dist diff --git a/.github/workflows/integ-test-build-scan-publish.yml b/.github/workflows/integ-test-build-scan-publish.yml index 3fa471a..759314d 100644 --- a/.github/workflows/integ-test-build-scan-publish.yml +++ b/.github/workflows/integ-test-build-scan-publish.yml @@ -49,7 +49,7 @@ jobs: run: gradle help - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/integ-test-caching-config.yml b/.github/workflows/integ-test-caching-config.yml index 7cb0199..22a52f5 100644 --- a/.github/workflows/integ-test-caching-config.yml +++ b/.github/workflows/integ-test-caching-config.yml @@ -104,7 +104,7 @@ jobs: run: ./gradlew help - name: Check Build Scan url is captured if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') @@ -128,7 +128,7 @@ jobs: run: ./gradlew help - name: Check Build Scan url is captured if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/integ-test-inject-develocity.yml b/.github/workflows/integ-test-inject-develocity.yml index cae6bf8..c05265e 100644 --- a/.github/workflows/integ-test-inject-develocity.yml +++ b/.github/workflows/integ-test-inject-develocity.yml @@ -62,7 +62,7 @@ jobs: run: gradle help - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') @@ -107,7 +107,7 @@ jobs: run: "[ ${#GRADLE_ENTERPRISE_ACCESS_KEY} -gt 500 ] || (echo 'GRADLE_ENTERPRISE_ACCESS_KEY does not look like a short lived token'; exit 1)" - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') @@ -179,7 +179,7 @@ jobs: run: gradle help - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/integ-test-provision-gradle-versions.yml b/.github/workflows/integ-test-provision-gradle-versions.yml index 96ddb50..3ca7d35 100644 --- a/.github/workflows/integ-test-provision-gradle-versions.yml +++ b/.github/workflows/integ-test-provision-gradle-versions.yml @@ -69,7 +69,7 @@ jobs: run: gradle help - name: Check current version output parameter if: ${{ !startsWith(steps.gradle-current.outputs.gradle-version , '8.') }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.gradle-current.outputs.gradle-version }}"') @@ -112,7 +112,7 @@ jobs: gradle-version: ${{ matrix.gradle }} - name: Check output parameter if: ${{ steps.setup-gradle.outputs.gradle-version != matrix.gradle }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('Gradle version parameter not set correctly: value was "${{ steps.setup-gradle.outputs.gradle-version }}"') @@ -122,7 +122,7 @@ jobs: run: gradle help "-DgradleVersionCheck=${{matrix.gradle}}" - name: Check Build Scan url if: ${{ !steps.gradle.outputs.build-scan-url }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | core.setFailed('No Build Scan detected') diff --git a/.github/workflows/update-checksums-file.yml b/.github/workflows/update-checksums-file.yml index 220c37c..b5dfafa 100644 --- a/.github/workflows/update-checksums-file.yml +++ b/.github/workflows/update-checksums-file.yml @@ -39,7 +39,7 @@ jobs: # If there are no changes, this action will not create a pull request - name: Create or update pull request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: branch: bot/wrapper-checksums-update commit-message: Update known wrapper checksums