From f07a3ec3a156729f4b56dc3e0812c1bcc1c9cac3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 06:42:46 +0000 Subject: [PATCH] Pin dependencies --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/gradle.yml | 12 ++++++------ .github/workflows/groovy-joint-workflow.yml | 16 ++++++++-------- .github/workflows/release-notes.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/retry-release.yml | 4 ++-- .github/workflows/sdkman.yml | 6 +++--- 7 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4a0e5b97281..2b57c76771e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,11 +38,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3 diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index ff1e3038c9a..91e3ee4ec33 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -19,14 +19,14 @@ jobs: java: [17] steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: ${{ matrix.java }} - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "🔨 Build project" @@ -43,14 +43,14 @@ jobs: runs-on: ubuntu-latest steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📤 Publish Snapshot Artifacts to Artifactory (repo.grails.org/libs-snapshot-local)" diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml index defb1fe1315..d7e43705cd4 100644 --- a/.github/workflows/groovy-joint-workflow.yml +++ b/.github/workflows/groovy-joint-workflow.yml @@ -16,17 +16,17 @@ jobs: groovyVersion: ${{ steps.groovy-version.outputs.value }} steps: - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: 17 - name: "🗄ī¸ Cache local Maven repository" - uses: actions/cache@v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: ~/.m2/repository key: cache-local-maven-${{ github.sha }} - name: "đŸ“Ĩ Checkout Grails Core to fetch Gradle Plugin versions it uses" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: sparse-checkout-cone-mode: false sparse-checkout: settings.gradle @@ -43,7 +43,7 @@ jobs: - name: "đŸ“Ĩ Checkout Groovy 4_0_X (Grails 7 and later)" run: git clone --depth 1 https://github.com/apache/groovy.git -b GROOVY_4_0_X --single-branch - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📝 Store Groovy version to use when building Grails" @@ -117,18 +117,18 @@ jobs: runs-on: ubuntu-latest steps: - name: "đŸ“Ĩ Checkout project" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "🗄ī¸ Restore local Maven repository from cache" - uses: actions/cache@v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: ~/.m2/repository key: cache-local-maven-${{ github.sha }} diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index f40a82c4567..a4b35828a54 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -19,6 +19,6 @@ jobs: runs-on: ubuntu-latest steps: - name: "📝 Update Release Draft" - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6 env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3a57f2e132f..b0078d5fedb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,14 +17,14 @@ jobs: GIT_USER_EMAIL: 'grails-build@users.noreply.github.com' steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📝 Store the target branch" @@ -90,17 +90,17 @@ jobs: contents: read # limit to read access steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: token: ${{ secrets.GH_TOKEN }} ref: v${{ needs.publish.outputs.release_version }} - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "đŸšĒ Nexus Staging Close And Release" diff --git a/.github/workflows/retry-release.yml b/.github/workflows/retry-release.yml index 5fb78991d9e..72317358491 100644 --- a/.github/workflows/retry-release.yml +++ b/.github/workflows/retry-release.yml @@ -20,7 +20,7 @@ jobs: GIT_USER_EMAIL: 'grails-build@users.noreply.github.com' steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: ref: "v${{ github.event.inputs.release }}" token: ${{ secrets.GH_TOKEN }} @@ -30,7 +30,7 @@ jobs: distribution: temurin java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📝 Store the target branch" diff --git a/.github/workflows/sdkman.yml b/.github/workflows/sdkman.yml index 74688e1687a..ebab19c234f 100644 --- a/.github/workflows/sdkman.yml +++ b/.github/workflows/sdkman.yml @@ -12,17 +12,17 @@ jobs: contents: read steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: token: ${{ secrets.GH_TOKEN }} ref: v${{ github.event.inputs.version }} - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4 with: distribution: temurin java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "🏆 Grails SDK Minor Release"