From 52d8b33616a83d6252a3eee871c86dc3b9b7022a Mon Sep 17 00:00:00 2001 From: David Mihalcik Date: Wed, 16 Apr 2025 17:21:30 -0400 Subject: [PATCH] chore(ci): Pin actions --- .github/workflows/checks.yaml | 24 ++++++++++++------------ .github/workflows/codeql.yaml | 4 ++-- .github/workflows/release.yaml | 10 +++++----- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml index f88b0df2..085549b9 100644 --- a/.github/workflows/checks.yaml +++ b/.github/workflows/checks.yaml @@ -27,7 +27,7 @@ jobs: - name: Conventional Commits Check if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) id: conventional-commits - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 + uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -58,12 +58,12 @@ jobs: mavenverify: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK - uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "11" distribution: "adopt" @@ -79,26 +79,26 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 + - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK - uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "17" distribution: "temurin" server-id: github - name: Cache SonarCloud packages - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache Maven packages - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} @@ -115,12 +115,12 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Java SDK - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK - uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "11" distribution: "adopt" diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 755b2183..d475ca55 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -23,10 +23,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Buf setup - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 + uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 - name: Initialize the CodeQL tools for scanning uses: github/codeql-action/init@v3 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 71f7fb49..7352d6b1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -21,7 +21,7 @@ jobs: with: app-id: "${{ secrets.APP_ID }}" private-key: "${{ secrets.AUTOMATION_KEY }}" - - uses: google-github-actions/release-please-action@v4 + - uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 # v4.2.0 with: token: "${{ steps.generate_token.outputs.token }}" config-file: release-please.json @@ -30,15 +30,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Buf - uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3 + uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} # stage maven profile - name: Set up JDK to publish to GitHub Packages if: github.ref == 'refs/heads/main' - uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "11" distribution: "adopt" @@ -60,7 +60,7 @@ jobs: # release maven profile - name: Set up JDK to publish to Maven Central if: startsWith(github.ref, 'refs/tags/') - uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: "11" distribution: "adopt"