diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c986bf07c17..de772ce83d6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,11 +36,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -51,7 +51,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -65,4 +65,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2 diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 874c43837c8..54eb051b7dc 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -20,9 +20,9 @@ jobs: env: WORKSPACE: ${{ github.workspace }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: distribution: 'adopt' java-version: ${{ matrix.java }} @@ -44,11 +44,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ secrets.GH_TOKEN }} - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: distribution: 'adopt' java-version: 11 @@ -77,7 +77,7 @@ jobs: id: dispatch_message run: echo "value={\"message\":\"New Core Snapshot $(date) - $GITHUB_SHA\"}" >> $GITHUB_OUTPUT - name: Invoke the Java CI workflow in Grails Functional Tests - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Java CI repo: grails/grails-functional-tests diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml index 3d015e6535d..735f344ee5f 100644 --- a/.github/workflows/groovy-joint-workflow.yml +++ b/.github/workflows/groovy-joint-workflow.yml @@ -38,12 +38,12 @@ jobs: groovyVersion: ${{ steps.groovy-version.outputs.value }} steps: - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: distribution: 'adopt' java-version: '11.0.6' - name: Cache local Maven repository & Groovy - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 with: path: | ~/groovy @@ -128,14 +128,14 @@ jobs: fail-fast: true runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: distribution: 'adopt' java-version: '11' - name: Cache local Maven repository & Groovy - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 with: path: | ~/groovy diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index a5a3e41c931..9395b951368 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -16,7 +16,7 @@ jobs: release_notes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Check if it has release drafter config file id: check_release_drafter run: | @@ -26,7 +26,7 @@ jobs: id: extract_branch run: echo ::set-output name=value::${GITHUB_REF:11} # If it has release drafter: - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5 if: steps.check_release_drafter.outputs.has_release_drafter == 'true' env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} @@ -41,7 +41,7 @@ jobs: id: release_notes with: token: ${{ secrets.GH_TOKEN }} - - uses: ncipollo/release-action@v1 + - uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1 if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true' with: allowUpdates: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ab88f98b4b6..44a21e584c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,12 +18,12 @@ jobs: GIT_USER_EMAIL: behlp@unityfoundation.io steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: token: ${{ secrets.GH_TOKEN }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: distribution: 'adopt' java-version: ${{ matrix.java }} @@ -98,7 +98,7 @@ jobs: - name: Invoke grails-doc release workflow if: steps.publish.outcome == 'success' id: grails_doc - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-doc @@ -108,7 +108,7 @@ jobs: - name: Invoke grails-static-website release workflow if: steps.publish.outcome == 'success' id: grails_static_website - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-static-website diff --git a/.github/workflows/retry-release.yml b/.github/workflows/retry-release.yml index 1d4066c3304..5c42b9c8aee 100644 --- a/.github/workflows/retry-release.yml +++ b/.github/workflows/retry-release.yml @@ -21,12 +21,12 @@ jobs: GIT_USER_EMAIL: behlp@unityfoundation.io steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: ref: "v${{ github.event.inputs.release }}" token: ${{ secrets.GH_TOKEN }} - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: distribution: 'adopt' java-version: 11 @@ -54,7 +54,7 @@ jobs: - name: Upload artifacts to the Github release id: upload_artifact if: steps.assemble.outcome == 'success' - uses: Roang-zero1/github-upload-release-artifacts-action@v3 + uses: Roang-zero1/github-upload-release-artifacts-action@87271b3f8dca9feb9e9d44381fddd2db7f09d6e1 # v3 with: created_tag: v${{ github.event.inputs.release }} args: build/distributions/grails-${{ steps.release_version.outputs.release_version }}.zip @@ -70,7 +70,7 @@ jobs: - name: Invoke grails-doc release workflow if: steps.assemble.outcome == 'success' id: grails_doc - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-doc @@ -80,7 +80,7 @@ jobs: - name: Invoke grails-static-website release workflow if: steps.assemble.outcome == 'success' id: grails_static_website - uses: benc-uk/workflow-dispatch@v1.2 + uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2 with: workflow: Release repo: grails/grails-static-website