diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b0aa3b2a..a2cb7733 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: outputs: core_version: ${{ steps.get_core_version.outputs.core_version }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -40,13 +40,13 @@ jobs: run: | echo "core_version=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT echo "name=$(./mvnw help:evaluate -Dexpression=project.artifactId -q -DforceStdout)" >> $GITHUB_OUTPUT - - uses: actions/setup-java@v5 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: | 11 17 distribution: 'temurin' - - uses: actions/cache@v5 + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.m2 key: ${{ runner.os }}-build-${{ hashFiles('**/pom.xml') }} @@ -68,37 +68,37 @@ jobs: pull-requests: write statuses: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 - - uses: actions/cache@v5 + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.m2 key: ${{ runner.os }}-build-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-build- ${{ runner.os }}- - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ github.repository_owner }}/cryostat ref: ${{ github.base_ref }} submodules: true fetch-depth: 0 - - uses: actions/setup-java@v5 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '21' distribution: 'temurin' cache: 'maven' - name: maven-settings - uses: s4u/maven-settings-action@v2 + uses: s4u/maven-settings-action@894661b3ddae382f1ae8edbeab60987e08cf0788 # v4.0.0 with: servers: '[{"id": "github", "username": "dummy", "password": "${{ secrets.GITHUB_TOKEN }}"}]' githubServer: false - run: git submodule init && git submodule update - name: Cache yarn packages - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: "./src/main/webui/.yarn/cache" key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }} @@ -137,7 +137,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Save cryostat image run: podman save -o cryostat.tar --format oci-archive quay.io/cryostat/cryostat:latest - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: cryostat path: ${{ github.workspace }}/cryostat.tar @@ -155,7 +155,7 @@ jobs: packages: write steps: - name: Download cryostat artifact - uses: actions/download-artifact@v7 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: cryostat - name: Load cryostat image @@ -164,7 +164,7 @@ jobs: run: podman tag cryostat:latest ghcr.io/${{ github.repository_owner }}/cryostat-core:pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}-linux - name: Push PR test image to ghcr.io id: push-cryostat-to-ghcr - uses: redhat-actions/push-to-registry@v2 + uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 with: image: cryostat-core tags: pr-${{ github.event.number }}-${{ github.event.pull_request.head.sha }}-linux @@ -186,13 +186,13 @@ jobs: steps: - name: Create markdown table id: md-table - uses: petems/csv-to-md-table-action@v4.0.0 + uses: petems/csv-to-md-table-action@401501a2cdf2512164c1be3b70411976a2b838b9 # v4.0.0 with: csvinput: | ARCH, IMAGE amd64, ${{ env.amd64_image }} - - uses: thollander/actions-comment-pull-request@v3 + - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: message: |- ${{ steps.md-table.outputs.markdown-table }} diff --git a/.github/workflows/dependent-issues.yml b/.github/workflows/dependent-issues.yml index e55930b8..1e520304 100644 --- a/.github/workflows/dependent-issues.yml +++ b/.github/workflows/dependent-issues.yml @@ -26,7 +26,7 @@ jobs: statuses: write runs-on: ubuntu-latest steps: - - uses: z0al/dependent-issues@v1 + - uses: z0al/dependent-issues@950226e7ca8fc43dc209a7febf67c655af3bdb43 # v1.5.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 082d2598..4e97d44a 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -13,6 +13,6 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@v6 + - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/semantic-pr.yml b/.github/workflows/semantic-pr.yml index 99cb3acd..c3b91f3e 100644 --- a/.github/workflows/semantic-pr.yml +++ b/.github/workflows/semantic-pr.yml @@ -12,6 +12,6 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v6.1.1 + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}