diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 7dc11b8bdd0..7e83acf6418 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -14,12 +14,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index feed7dc332e..c83fc414750 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} @@ -38,28 +38,28 @@ jobs: echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: # Pass a personal access token (using our CT SDKs App) to be able to trigger other workflows # https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token # https://github.community/t/action-does-not-trigger-another-on-push-tag-action/17148/8 token: ${{ steps.generate_github_token.outputs.token }} - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' - name: Setup Graphviz - uses: ts-graphviz/setup-graphviz@v1.2.0 + uses: ts-graphviz/setup-graphviz@c001ccfb5aff62e28bda6a6c39b59a7e061be5b9 # v1.2.0 - name: Fix code style if: github.event_name == 'push' && github.ref != 'refs/heads/main' run: ./gradlew spotlessApply - - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 id: commit_style_fix if: github.event_name == 'push' && github.ref != 'refs/heads/main' with: @@ -73,7 +73,7 @@ jobs: if: steps.commit_style_fix.outputs.changes_detected == 'true' run: echo "${{steps.auto-commit-action.outputs.commit_hash}}" >> .git-blame-ignore-revs - - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 id: commit_rev_ignore if: github.event_name == 'push' && github.ref != 'refs/heads/main' with: @@ -92,7 +92,7 @@ jobs: if: ${{ failure() }} run: cat licenses/dependencies-without-allowed-license.json - - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 id: commit_license_change if: github.event_name == 'push' && github.ref != 'refs/heads/main' with: @@ -149,26 +149,26 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ steps.generate_github_token.outputs.token }} - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' - name: Setup Graphviz - uses: ts-graphviz/setup-graphviz@v1.2.0 + uses: ts-graphviz/setup-graphviz@c001ccfb5aff62e28bda6a6c39b59a7e061be5b9 # v1.2.0 - name: build javadoc if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' && github.ref == 'refs/heads/main' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 29733ef9390..5a637764583 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,11 +45,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -63,7 +63,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -76,6 +76,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/create-pr.yml b/.github/workflows/create-pr.yml index 7ddcbce2cd5..9eac7cedb1c 100644 --- a/.github/workflows/create-pr.yml +++ b/.github/workflows/create-pr.yml @@ -18,7 +18,7 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} @@ -32,13 +32,13 @@ jobs: echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ steps.generate_github_token.outputs.token }} - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - - uses: jenschude/auto-create-pr-action@v0.3.2 + - uses: jenschude/auto-create-pr-action@a5369414c74963e6ec065dab49066d3711b8c1db # v0.3.2 if: github.ref_name == 'gen-sdk-updates' with: request_title: "Update generated SDKs" @@ -53,7 +53,7 @@ jobs: ### Breaking changes - - uses: jenschude/auto-create-pr-action@v0.3.2 + - uses: jenschude/auto-create-pr-action@a5369414c74963e6ec065dab49066d3711b8c1db # v0.3.2 if: github.ref_name == 'after-release' with: request_title: "Update changelog" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 808474e5fff..39a1f8afe39 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -25,7 +25,7 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} @@ -39,33 +39,33 @@ jobs: echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: path: sdk token: ${{ steps.generate_github_token.outputs.token }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: path: doc ref: gh-pages token: ${{ steps.generate_github_token.outputs.token }} - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' - name: Setup Graphviz - uses: ts-graphviz/setup-graphviz@v1.2.0 + uses: ts-graphviz/setup-graphviz@c001ccfb5aff62e28bda6a6c39b59a7e061be5b9 # v1.2.0 - run: ./gradlew -Pversion=${{ github.event.inputs.version }} alljavadoc working-directory: sdk - run: rsync -r sdk/build/docs/javadoc/ doc/javadoc - - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 with: repository: doc commit_message: "Update javadoc" diff --git a/.github/workflows/release-snapshot.yml b/.github/workflows/release-snapshot.yml index 0b69543b4b2..5d75a0f68b9 100644 --- a/.github/workflows/release-snapshot.yml +++ b/.github/workflows/release-snapshot.yml @@ -16,20 +16,20 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ steps.generate_github_token.outputs.token }} - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 84fd0f12207..f84958607f1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,12 +17,12 @@ jobs: if: startsWith( github.ref, 'refs/tags/') steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' @@ -55,7 +55,7 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} @@ -69,12 +69,12 @@ jobs: echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: ref: main token: ${{ steps.generate_github_token.outputs.token }} - - uses: gradle/wrapper-validation-action@v2.0.0 + - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 - run: ./gradlew -Pversion=${{ github.ref_name }} writeVersionToExamples writeVersionToReadme setVersion nextMinorVersion snapshotVersion @@ -97,7 +97,7 @@ jobs: run: rm -rf reference.txt continue-on-error: true - - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 with: commit_message: "TASK: Updating version in README" commit_author: ct-sdks[bot] <${{ steps.get_app_user.outputs.email }}> @@ -117,7 +117,7 @@ jobs: # Get GitHub token via the CT SDKs App - name: Generate GitHub token (via CT SDKs App) id: generate_github_token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@86576b355dd19da0519e0bdb63d8edb5bcf76a25 # v1 with: app-id: ${{ secrets.CT_SDKS_APP_ID }} private-key: ${{ secrets.CT_SDKS_APP_PEM }} @@ -131,33 +131,33 @@ jobs: echo "email=${GH_APP_USER}+ct-sdks[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: path: sdk token: ${{ steps.generate_github_token.outputs.token }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: path: doc ref: gh-pages token: ${{ steps.generate_github_token.outputs.token }} - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: distribution: 'temurin' java-version: '17' - name: Setup Graphviz - uses: ts-graphviz/setup-graphviz@v1.2.0 + uses: ts-graphviz/setup-graphviz@c001ccfb5aff62e28bda6a6c39b59a7e061be5b9 # v1.2.0 - run: ./gradlew -Pversion=${{ github.ref_name }} alljavadoc working-directory: sdk - run: rsync -r sdk/build/docs/javadoc/ doc/javadoc - - uses: stefanzweifel/git-auto-commit-action@v5.0.0 + - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0 with: repository: doc commit_message: "Update javadoc"