From 898c5b7257c57a4880bf2a4bbf76a50b889a10b4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 18:02:07 +0000 Subject: [PATCH] Pin dependencies --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/gradle.yml | 6 +++--- .github/workflows/groovy-joint-workflow.yml | 6 +++--- .github/workflows/release-notes.yml | 6 +++--- .github/workflows/release.yml | 8 ++++---- .github/workflows/retry-release.yml | 8 ++++---- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4a0e5b97281..7f98827ce40 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,11 +38,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@b374143c1149a9115d881581d29b8390bbcbb59c # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@b374143c1149a9115d881581d29b8390bbcbb59c # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@b374143c1149a9115d881581d29b8390bbcbb59c # v3 diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 8e00dbf3fdc..1eeebe824c4 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -20,7 +20,7 @@ jobs: env: WORKSPACE: ${{ github.workspace }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up JDK uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ secrets.GH_TOKEN }} - name: Set up JDK 11 @@ -77,7 +77,7 @@ jobs: id: dispatch_message run: echo "value={\"message\":\"New Core Snapshot $(date) - $GITHUB_SHA\"}" >> $GITHUB_OUTPUT - name: Invoke the Java CI workflow in Grails Functional Tests - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Java CI repo: grails/grails-functional-tests diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml index d16645bfb72..d055ed9468e 100644 --- a/.github/workflows/groovy-joint-workflow.yml +++ b/.github/workflows/groovy-joint-workflow.yml @@ -43,7 +43,7 @@ jobs: distribution: 'adopt' java-version: '11.0.6' - name: Cache local Maven repository & Groovy - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 with: path: | ~/groovy @@ -128,14 +128,14 @@ jobs: fail-fast: true runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up JDK uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'adopt' java-version: '11' - name: Cache local Maven repository & Groovy - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 with: path: | ~/groovy diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index a5a3e41c931..9395b951368 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -16,7 +16,7 @@ jobs: release_notes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Check if it has release drafter config file id: check_release_drafter run: | @@ -26,7 +26,7 @@ jobs: id: extract_branch run: echo ::set-output name=value::${GITHUB_REF:11} # If it has release drafter: - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5 if: steps.check_release_drafter.outputs.has_release_drafter == 'true' env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} @@ -41,7 +41,7 @@ jobs: id: release_notes with: token: ${{ secrets.GH_TOKEN }} - - uses: ncipollo/release-action@v1 + - uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1 if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true' with: allowUpdates: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fbc09ee89a0..1ff4cb93024 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,11 +17,11 @@ jobs: GIT_USER_EMAIL: behlp@unityfoundation.io steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ secrets.GH_TOKEN }} - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'adopt' java-version: '11' @@ -105,7 +105,7 @@ jobs: env: RELEASE_VERSION: ${{ needs.publish.outputs.release_version }} - name: Invoke grails-doc release workflow - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-doc @@ -127,7 +127,7 @@ jobs: - name: Invoke grails-static-website release workflow if: success() id: grails_static_website - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-static-website diff --git a/.github/workflows/retry-release.yml b/.github/workflows/retry-release.yml index 897bcba6a68..897f1ec0e3d 100644 --- a/.github/workflows/retry-release.yml +++ b/.github/workflows/retry-release.yml @@ -21,7 +21,7 @@ jobs: GIT_USER_EMAIL: behlp@unityfoundation.io steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: ref: "v${{ github.event.inputs.release }}" token: ${{ secrets.GH_TOKEN }} @@ -54,7 +54,7 @@ jobs: - name: Upload artifacts to the Github release id: upload_artifact if: steps.assemble.outcome == 'success' - uses: Roang-zero1/github-upload-release-artifacts-action@v3 + uses: Roang-zero1/github-upload-release-artifacts-action@87271b3f8dca9feb9e9d44381fddd2db7f09d6e1 # v3 with: created_tag: v${{ github.event.inputs.release }} args: build/distributions/grails-${{ steps.release_version.outputs.release_version }}.zip @@ -70,7 +70,7 @@ jobs: - name: Invoke grails-doc release workflow if: steps.assemble.outcome == 'success' id: grails_doc - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-doc @@ -80,7 +80,7 @@ jobs: - name: Invoke grails-static-website release workflow if: steps.assemble.outcome == 'success' id: grails_static_website - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-static-website