diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 9b821c75..5956f92b 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -26,14 +26,14 @@ jobs: steps: - name: GitHub App token id: github_app_token - uses: tibdex/github-app-token@v2.1.0 + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.APP_PRIVATE_KEY }} installation_id: 22958780 - name: Backport - uses: VachaShah/backport@v2.2.0 + uses: VachaShah/backport@142d3b8a8c70dc54db515e653e5ed3c3fac64100 # v2.2.0 with: github_token: ${{ steps.github_app_token.outputs.token }} head_template: backport/backport-<%= number %>-to-<%= base %> diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4c9b5d23..e0d1c952 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,7 @@ on: - "*" jobs: Get-CI-Image-Tag: - uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main + uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main with: product: opensearch @@ -32,11 +32,11 @@ jobs: # This step uses the checkout Github action: https://github.com/actions/checkout - name: Checkout Branch - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # This step uses the setup-java Github action: https://github.com/actions/setup-java - name: Setup Java ${{ matrix.java }} - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: java-version: ${{ matrix.java }} distribution: 'temurin' @@ -54,12 +54,12 @@ jobs: cp ./build/distributions/*.zip query-insights-artifacts - name: Upload Coverage Report - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 with: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload failed logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: failure() with: name: logs-ubuntu @@ -67,7 +67,7 @@ jobs: overwrite: true - name: Upload Artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: query-insights-plugin-ubuntu-latest path: query-insights-artifacts @@ -94,7 +94,7 @@ jobs: steps: - name: Checkout Branch - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # This is a hack, but this step creates a link to the X: mounted drive, which makes the path # short enough to work on Windows @@ -103,7 +103,7 @@ jobs: run: subst 'X:' . - name: Setup Java ${{ matrix.java }} - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: java-version: ${{ matrix.java }} distribution: 'temurin' @@ -120,7 +120,7 @@ jobs: cp ./build/distributions/*.zip query-insights-artifacts - name: Upload failed logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: ${{ failure() && matrix.os == 'macos-latest' }} with: name: logs-mac @@ -128,7 +128,7 @@ jobs: overwrite: true - name: Upload failed logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: ${{ failure() && matrix.os == 'windows-latest' }} with: name: logs-windows @@ -136,7 +136,7 @@ jobs: overwrite: true - name: Upload Artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: query-insights-plugin-${{ matrix.os }} path: query-insights-artifacts diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml index a1153e35..b8cdb372 100644 --- a/.github/workflows/code-hygiene.yml +++ b/.github/workflows/code-hygiene.yml @@ -7,14 +7,14 @@ jobs: runs-on: ubuntu-latest name: Spotless scan steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - - uses: gradle/gradle-build-action@v3 + - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 with: cache-disabled: true arguments: spotlessCheck @@ -23,14 +23,14 @@ jobs: runs-on: ubuntu-latest name: Checkstyle scan steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - - uses: gradle/gradle-build-action@v3 + - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 with: cache-disabled: true arguments: checkstyleMain checkstyleTest diff --git a/.github/workflows/delete_backport_branch.yml b/.github/workflows/delete_backport_branch.yml index 5881df92..b8fac1c3 100644 --- a/.github/workflows/delete_backport_branch.yml +++ b/.github/workflows/delete_backport_branch.yml @@ -10,6 +10,6 @@ jobs: if: startsWith(github.event.pull_request.head.ref,'backport/') steps: - name: Delete merged branch - uses: SvanBoxel/delete-merged-branch@main + uses: SvanBoxel/delete-merged-branch@2b5b058e3db41a3328fd9a6a58fd4c2545a14353 # main env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml index ca662f91..aea8b7bd 100644 --- a/.github/workflows/integ-tests-with-security.yml +++ b/.github/workflows/integ-tests-with-security.yml @@ -11,7 +11,7 @@ on: jobs: Get-CI-Image-Tag: - uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main + uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main with: product: opensearch @@ -31,10 +31,10 @@ jobs: - name: Run start commands run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }} - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3 with: distribution: 'temurin' java-version: ${{ matrix.java }} @@ -46,7 +46,7 @@ jobs: - name: Upload test reports if: ${{ always() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 continue-on-error: true with: name: test-reports-${{ matrix.os }}-${{ matrix.java }} @@ -65,10 +65,10 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3 with: distribution: 'temurin' java-version: ${{ matrix.java }} @@ -78,7 +78,7 @@ jobs: - name: Upload test reports if: ${{ always() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 continue-on-error: true with: name: test-reports-${{ matrix.os }}-${{ matrix.java }} diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index f83da9a5..c8226161 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -17,15 +17,15 @@ jobs: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up JDK 21 - uses: actions/setup-java@v3 + uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3 with: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - name: Load secret - uses: 1password/load-secrets-action@v2 + uses: 1password/load-secrets-action@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2 with: # Export loaded secrets as environment variables export-env: true @@ -35,7 +35,7 @@ jobs: MAVEN_SNAPSHOTS_S3_ROLE: op://opensearch-infra-secrets/maven-snapshots-s3/role - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5 with: role-to-assume: ${{ env.MAVEN_SNAPSHOTS_S3_ROLE }} aws-region: us-east-1 diff --git a/.github/workflows/remote_repository_exporter.yml b/.github/workflows/remote_repository_exporter.yml index 5475cb4f..ff730056 100644 --- a/.github/workflows/remote_repository_exporter.yml +++ b/.github/workflows/remote_repository_exporter.yml @@ -25,10 +25,10 @@ jobs: steps: - name: Checkout query-insights - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Java ${{ matrix.java }} - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: java-version: ${{ matrix.java }} distribution: 'temurin'