diff --git a/.github/workflows/benchmark-clean.yml b/.github/workflows/benchmark-clean.yml index 910118b92..9fbd48b2a 100644 --- a/.github/workflows/benchmark-clean.yml +++ b/.github/workflows/benchmark-clean.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 # checkout sources + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout sources - name: Install doctl uses: digitalocean/action-doctl@v2 diff --git a/.github/workflows/benchmark-hook.yml b/.github/workflows/benchmark-hook.yml index aa9a9e297..abc62cfbf 100644 --- a/.github/workflows/benchmark-hook.yml +++ b/.github/workflows/benchmark-hook.yml @@ -8,7 +8,7 @@ on: - clean-webhook permissions: - contents: read # Required for actions/checkout@v3 to clone the repository + contents: read # Required for actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 to clone the repository id-token: write # Required for authentication in certain actions (e.g., digitalocean/action-doctl@v2) secrets: read # Required to access the DIGITALOCEAN_ACCESS_TOKEN secret @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install doctl uses: digitalocean/action-doctl@v2 @@ -49,7 +49,7 @@ jobs: kubectl -n evita logs job/${K8S_JOB_NAME} -c benchmark > /tmp/logs/${K8S_JOB_NAME}-log.txt || : - name: Archive logs from run - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: logs path: /tmp/logs diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 9e28aefad..c197cebde 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -44,7 +44,7 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - - uses: actions/checkout@v3 # checkout sources + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout sources - name: Install doctl uses: digitalocean/action-doctl@v2 diff --git a/.github/workflows/ci-dev-documentation.yml b/.github/workflows/ci-dev-documentation.yml index 366a3f97c..5e2719892 100644 --- a/.github/workflows/ci-dev-documentation.yml +++ b/.github/workflows/ci-dev-documentation.yml @@ -33,17 +33,17 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 # checkout sources + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout sources - name: Setup Java JDK - uses: actions/setup-java@v3 # setup JDK 17 for building + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 # setup JDK 17 for building with: distribution: 'temurin' java-version: '17' cache: 'maven' - name: Setup dotnet - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 with: dotnet-version: '8.0.X' # setup dotnet 8.0.X for building @@ -52,7 +52,7 @@ jobs: mvn -T 1C -B package -P documentation -V --fail-at-end -Dmaven.test.skip=false --file pom.xml - name: Publish Test Report - uses: mikepenz/action-junit-report@v3 + uses: mikepenz/action-junit-report@ee6b445351cd81e2f73a16a0e52d598aeac2197f # v5.3.0 if: success() || failure() # always run even if the previous step fails with: report_paths: '**/TEST-*.xml' diff --git a/.github/workflows/ci-dev.yml b/.github/workflows/ci-dev.yml index 143532e0b..a102b9cb4 100644 --- a/.github/workflows/ci-dev.yml +++ b/.github/workflows/ci-dev.yml @@ -37,10 +37,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 # checkout sources + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout sources - name: Setup Java JDK - uses: actions/setup-java@v3 # setup JDK 17 for building + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 # setup JDK 17 for building with: distribution: 'temurin' java-version: '17' @@ -57,25 +57,25 @@ jobs: jacoco/jacoco-summary.sh jacoco/target/site/jacoco-aggregate/jacoco.csv - name: Upload test results # upload XML with unit test results to artifact `test-results` for `test-report.yml` - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: success() || failure() with: name: test-results path: 'evita*/**/target/surefire-reports/TEST-*.xml' - name: Upload evitaDB server artifact # upload `evita-server.jar` for `docker-canary.yml` to deploy to DockerHub - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: success() with: name: evita-server.jar path: 'evita_server/target/evita-server.jar' - name: Upload coverage to Codecov # upload code coverage from Jacoco to codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive - name: Update dependency graph - uses: advanced-security/maven-dependency-submission-action@v3 + uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d # v4.1.1 - name: Deploy with Maven # deploy SNAPSHOTS to Maven repository run: | diff --git a/.github/workflows/ci-master.yml b/.github/workflows/ci-master.yml index 9291d28c6..4d8f7d2ae 100644 --- a/.github/workflows/ci-master.yml +++ b/.github/workflows/ci-master.yml @@ -36,7 +36,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 # checkout sources + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout sources with: ref: ${{ github.head_ref }} fetch-depth: 0 @@ -50,7 +50,7 @@ jobs: minor-identifier: '/feat(?:\\([^)]+\\))?:/' - name: Setup Java JDK - uses: actions/setup-java@v3 # setup JDK 17 for building + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.03 # setup JDK 17 for building with: distribution: 'temurin' java-version: '17' @@ -123,14 +123,14 @@ jobs: asset_content_type: application/gzip - name: Upload evitaDB server artifact # upload `evita-server.jar` for `docker-latest.yml` to deploy to DockerHub - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: success() with: name: evita-server.jar path: 'evita_server/target/evita-server.jar' - name: Upload evitaDB version.txt # upload `version.txt` for `docker-latest.yml` to deploy to DockerHub - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: success() with: name: version.txt diff --git a/.github/workflows/ci-performance.yml b/.github/workflows/ci-performance.yml index 8880ba338..82e13ff1b 100644 --- a/.github/workflows/ci-performance.yml +++ b/.github/workflows/ci-performance.yml @@ -20,10 +20,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 # checkout sources + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout sources - name: Setup Java JDK - uses: actions/setup-java@v3 # setup JDK 17 for building + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 # setup JDK 17 for building with: distribution: 'temurin' java-version: '17' diff --git a/.github/workflows/docker-canary.yml b/.github/workflows/docker-canary.yml index 7759ffbfe..47785cabe 100644 --- a/.github/workflows/docker-canary.yml +++ b/.github/workflows/docker-canary.yml @@ -19,7 +19,7 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - name: Checkout - uses: actions/checkout@v4 # checkout from Git + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout from Git with: ref: dev # Always checks out the dev branch diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index ad6bce42c..6489ce92c 100644 --- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - - uses: actions/checkout@v3 # checkout from Git + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # checkout from Git with: ref: master # Always checks out the master branch (due to config file) diff --git a/.github/workflows/documentation-tests.yml b/.github/workflows/documentation-tests.yml index 82545641f..e720705ad 100644 --- a/.github/workflows/documentation-tests.yml +++ b/.github/workflows/documentation-tests.yml @@ -7,8 +7,8 @@ on: - cron: '0 0 * * 1' # runs on Monday morning permissions: - contents: read # Required for actions/checkout@v3 to access the repository - actions: write # Required for uploading artifacts using actions/upload-artifact@v4 + contents: read # Required for actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 to access the repository + actions: write # Required for uploading artifacts using actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 jobs: build: @@ -16,7 +16,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 2 @@ -27,7 +27,7 @@ jobs: echo "Commits found: $NEW_COMMIT_COUNT" - name: Setup Java JDK # this should setup JDK 17 but only if something was committed this day - uses: actions/setup-java@v3 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 if: ${{ env.NEW_COMMIT_COUNT != '0' }} with: distribution: 'temurin' @@ -39,7 +39,7 @@ jobs: run: mvn -T 1C -B package -P documentation -Dsurefire.reportNameSuffix=documentation -V --fail-at-end -Dmaven.test.skip=false --file pom.xml - name: Upload test results # this upload test results but only if something was committed this day - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: ${{ env.NEW_COMMIT_COUNT != '0' && always() }} with: name: test-results diff --git a/.github/workflows/long-running-tests.yml b/.github/workflows/long-running-tests.yml index c4a4813fa..96bd759e0 100644 --- a/.github/workflows/long-running-tests.yml +++ b/.github/workflows/long-running-tests.yml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 2 @@ -29,7 +29,7 @@ jobs: echo "Commits found: $NEW_COMMIT_COUNT" - name: Setup Java JDK # this should setup JDK 17 but only if something was committed this day - uses: actions/setup-java@v3 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 if: ${{ env.NEW_COMMIT_COUNT != '0' }} with: distribution: 'temurin' @@ -41,12 +41,12 @@ jobs: run: mvn -T 1C -B package -P longRunning -V --fail-at-end -Dmaven.test.skip=false --file pom.xml - name: Upload test results # this upload test results but only if something was committed this day - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: ${{ env.NEW_COMMIT_COUNT != '0' && always() }} with: name: test-results path: 'evita*/**/target/surefire-reports/TEST-*.xml' - name: Upload coverage to Codecov # this upload test coverage but only if something was committed this day - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 if: ${{ env.NEW_COMMIT_COUNT != '0' }} diff --git a/.github/workflows/test-report.yml b/.github/workflows/test-report.yml index 1a03444fd..930208906 100644 --- a/.github/workflows/test-report.yml +++ b/.github/workflows/test-report.yml @@ -31,7 +31,7 @@ jobs: name: test-results # artifact name - name: Publish Test Report - uses: mikepenz/action-junit-report@v4 + uses: mikepenz/action-junit-report@ee6b445351cd81e2f73a16a0e52d598aeac2197f # v5.3.0 if: success() || failure() # always run even if the previous step fails with: report_paths: '**/TEST-*.xml'