diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4a0e5b97281..9cb957c89da 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,11 +38,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3 diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 9a6a9f4148c..76fd04d8371 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -20,7 +20,7 @@ jobs: env: WORKSPACE: ${{ github.workspace }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Set up JDK uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Set up JDK 11 uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 with: @@ -76,7 +76,7 @@ jobs: echo $TARGET_BRANCH echo "value=${TARGET_BRANCH}" >> $GITHUB_OUTPUT - name: Invoke grails-doc release workflow - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2 with: workflow: Java CI repo: grails/grails-doc @@ -96,7 +96,7 @@ jobs: id: dispatch_message run: echo "value={\"message\":\"New Core Snapshot $(date) - $GITHUB_SHA\"}" >> $GITHUB_OUTPUT - name: Invoke the Java CI workflow in Grails Functional Tests - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2 with: workflow: Java CI repo: grails/grails-functional-tests diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml index 44fd5ef1003..6aa663f9deb 100644 --- a/.github/workflows/groovy-joint-workflow.yml +++ b/.github/workflows/groovy-joint-workflow.yml @@ -38,7 +38,7 @@ jobs: groovyVersion: ${{ steps.groovy-version.outputs.value }} steps: - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4 with: distribution: 'adopt' java-version: '11.0.6' @@ -123,9 +123,9 @@ jobs: fail-fast: true runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4 with: distribution: 'adopt' java-version: '11' diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index 77eb699ad19..ac693722b99 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -18,7 +18,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Check if it has release drafter config file id: check_release_drafter run: | @@ -28,7 +28,7 @@ jobs: id: extract_branch run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT # If it has release drafter: - - uses: release-drafter/release-drafter@v6 + - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6 if: steps.check_release_drafter.outputs.has_release_drafter == 'true' env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} @@ -41,7 +41,7 @@ jobs: id: release_notes with: token: ${{ secrets.GH_TOKEN }} - - uses: ncipollo/release-action@v1 + - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1 if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true' with: allowUpdates: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2d9e67017be..ce21b6c55a4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,12 +17,12 @@ jobs: GIT_USER_EMAIL: behlp@unityfoundation.io steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: token: ${{ secrets.GH_TOKEN }} - - uses: gradle/wrapper-validation-action@v2 + - uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4 with: distribution: 'adopt' java-version: '11' @@ -43,7 +43,7 @@ jobs: - name: Run Assemble if: success() id: assemble - uses: gradle/actions/setup-gradle@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3 with: arguments: assemble env: @@ -52,7 +52,7 @@ jobs: GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }} - name: Upload Distribution if: success() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4 with: name: grails-${{ steps.release_version.outputs.value }}.zip path: build/distributions/grails-${{ steps.release_version.outputs.value }}.zip @@ -72,7 +72,7 @@ jobs: - name: Publish to Sonatype OSSRH id: publish if: success() - uses: gradle/actions/setup-gradle@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3 env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }} @@ -96,13 +96,13 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: token: ${{ secrets.GH_TOKEN }} ref: v${{ needs.publish.outputs.release_version }} - - uses: gradle/wrapper-validation-action@v2 + - uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2 - name: Nexus Staging Close And Release - uses: gradle/actions/setup-gradle@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3 env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }} @@ -135,7 +135,7 @@ jobs: env: RELEASE_VERSION: ${{ needs.publish.outputs.release_version }} - name: Invoke grails-doc release workflow - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2 with: workflow: Release repo: grails/grails-doc @@ -157,7 +157,7 @@ jobs: - name: Invoke grails-static-website release workflow if: success() id: grails_static_website - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2 with: workflow: Release repo: grails/grails-static-website diff --git a/.github/workflows/retry-release.yml b/.github/workflows/retry-release.yml index a25ee6a466f..0b970d5b853 100644 --- a/.github/workflows/retry-release.yml +++ b/.github/workflows/retry-release.yml @@ -21,7 +21,7 @@ jobs: GIT_USER_EMAIL: behlp@unityfoundation.io steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: ref: "v${{ github.event.inputs.release }}" token: ${{ secrets.GH_TOKEN }} @@ -54,7 +54,7 @@ jobs: - name: Upload artifacts to the Github release id: upload_artifact if: steps.assemble.outcome == 'success' - uses: Roang-zero1/github-upload-release-artifacts-action@v3 + uses: Roang-zero1/github-upload-release-artifacts-action@87271b3f8dca9feb9e9d44381fddd2db7f09d6e1 # v3 with: created_tag: v${{ github.event.inputs.release }} args: build/distributions/grails-${{ steps.release_version.outputs.release_version }}.zip @@ -70,7 +70,7 @@ jobs: - name: Invoke grails-doc release workflow if: steps.assemble.outcome == 'success' id: grails_doc - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2 with: workflow: Release repo: grails/grails-doc @@ -80,7 +80,7 @@ jobs: - name: Invoke grails-static-website release workflow if: steps.assemble.outcome == 'success' id: grails_static_website - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2 with: workflow: Release repo: grails/grails-static-website