diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index bc115239f..2275a96e1 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -20,11 +20,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 2 - name: Verify Changed files in docs - uses: tj-actions/verify-changed-files@bcb4e766c132157cda3d1e8c7ca3d68d86d6ae6b # v8.1 + uses: tj-actions/verify-changed-files@9ed3155b72ba709881c967f75611fc5852f773b9 # v13.1 id: verify-changed-files with: files: | @@ -50,10 +50,10 @@ jobs: if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }} with: limit-access-to-actor: true - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: gradle/wrapper-validation-action@699bb18358f12c5b78b37bb0111d3a0e2276e0e2 # v2 - name: install-java8 - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4 with: java-version: 11 distribution: temurin @@ -80,13 +80,13 @@ jobs: run: | ./gradlew --no-daemon jacocoTestReport - name: Upload Test Report - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 if: always() # always run even if the previous step fails with: name: junit-test-results path: '**/build/test-results/test/TEST-*.xml' retention-days: 1 - - uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # v2 + - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4 with: #files: ./coverage1.xml,./coverage2.xml # optional flags: ${{ runner.os }} # optional @@ -94,7 +94,7 @@ jobs: verbose: true # optional (default = false) - name: build-choco-package if: runner.os == 'Windows' - uses: actions/setup-dotnet@608ee757cfcce72c2e91e99aca128e0cae67de87 # v1 + uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4 with: dotnet-version: '2.2.204' # SDK Version to use. - name: build-choco @@ -103,13 +103,13 @@ jobs: powershell choco pack build/choco/jbang.nuspec - name: Archive build results - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 if: always() with: name: ${{ runner.os }}-build-${{ github.sha }} path: build - name: Upload jbang.zip - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 if: always() && runner.os != 'Windows' with: name: jbang-${{ github.sha }} @@ -125,11 +125,11 @@ jobs: java: [8,11,17,19] runs-on: ${{ matrix.os }} steps: - - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 + - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4 with: distribution: 'temurin' java-version: ${{ matrix.java }} - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4 with: name: ${{ runner.os }}-build-${{ github.sha }} path: build diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index facbaa33f..f88ff09f0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,11 +38,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@231aa2c8a89117b126725a0e11897209b7118144 # v1 + uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@231aa2c8a89117b126725a0e11897209b7118144 # v1 + uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -67,4 +67,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@231aa2c8a89117b126725a0e11897209b7118144 # v1 + uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3 diff --git a/.github/workflows/install-tests.yml b/.github/workflows/install-tests.yml index c7a5d408c..cabcefd8a 100644 --- a/.github/workflows/install-tests.yml +++ b/.github/workflows/install-tests.yml @@ -6,7 +6,7 @@ jobs: macos: runs-on: macos-latest steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Remove Java run: | sudo rm -rf /Library/Java/* diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index 43da9f458..808b25611 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml @@ -23,11 +23,11 @@ jobs: JRELEASER_NEXUS2_PASSWORD: ${{ secrets.OSSRH_TOKEN }} JRELEASER_VERSION: 1.9.0 steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: install-java11 - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4 with: java-version: 11 distribution: temurin @@ -50,7 +50,7 @@ jobs: setup-java: false - name: JReleaser publish output if: always() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: jreleaser-publish path: | @@ -73,14 +73,14 @@ jobs: setup-java: false - name: JReleaser announce output if: always() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: jreleaser-announce path: | out/jreleaser/trace.log out/jreleaser/output.properties - name: upload-choco - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: build-choco path: build/choco @@ -90,11 +90,11 @@ jobs: name: publish-choco continue-on-error: true steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4 with: name: build-choco path: build/choco - - uses: actions/setup-dotnet@608ee757cfcce72c2e91e99aca128e0cae67de87 # v1 + - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4 with: dotnet-version: '2.2.204' # SDK Version to use. - name: choco-build diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index ca5deaccb..af57b3673 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -22,7 +22,7 @@ jobs: workflow: ${{ github.event.workflow.id }} run_id: ${{ github.event.workflow_run.id }} - name: Publish Test Report - uses: mikepenz/action-junit-report@150e2f992e4fad1379da2056d1d1c279f520e058 # v3 + uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4 with: commit: ${{github.event.workflow_run.head_sha}} report_paths: '**/build/test-results/test/TEST-*.xml' \ No newline at end of file diff --git a/.github/workflows/tag-and-release.yml b/.github/workflows/tag-and-release.yml index c5c9150e9..fe470651a 100644 --- a/.github/workflows/tag-and-release.yml +++ b/.github/workflows/tag-and-release.yml @@ -23,11 +23,11 @@ jobs: JRELEASER_NEXUS2_PASSWORD: ${{ secrets.OSSRH_TOKEN }} JRELEASER_VERSION: 1.5.1 steps: - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 - name: install-java11 - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4 with: java-version: 11 distribution: temurin @@ -57,7 +57,7 @@ jobs: setup-java: false - name: JReleaser output if: always() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: jreleaser-release path: |