diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..92c44a82b --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 3d5573bee..722039a23 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -35,16 +35,16 @@ jobs: name: ${{ matrix.setup }} steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main + uses: jlumbroso/free-disk-space@76866dbe54312617f00798d1762df7f43def6e5c # v1.2.0 with: # this might remove tools that are actually needed, # if set to "true" but frees about 6 GB tool-cache: false - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -53,7 +53,7 @@ jobs: build-${{ matrix.setup }}-m2-repository-cache- # Enable caching of Docker layers - - uses: jpribyl/action-docker-layer-caching@v0.1.1 + - uses: jpribyl/action-docker-layer-caching@c632825d12ec837065f49726ea27ddd40bcc7894 # v0.1.1 continue-on-error: true with: key: build-${{ matrix.setup }}-docker-cache-{hash} @@ -69,7 +69,7 @@ jobs: - name: Checking for test failures run: ./.github/scripts/check_build_result.sh build.output - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 if: ${{ failure() }} with: name: build-${{ matrix.setup }}-target @@ -82,29 +82,29 @@ jobs: runs-on: windows-2019 name: windows-x86_64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu - name: Add msbuild to PATH - uses: microsoft/setup-msbuild@v1.0.2 + uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1 - name: Configuring Developer Command Prompt - uses: ilammy/msvc-dev-cmd@v1 + uses: ilammy/msvc-dev-cmd@7315a94840631165970262a99c72cfb48a65d25d # v1.12.0 with: arch: x86_amd64 - name: Install tools - uses: crazy-max/ghaction-chocolatey@v1 + uses: crazy-max/ghaction-chocolatey@834401ba518bc98bb1bb936e421d37ae96c1a8a0 # v2.3.0 with: args: install ninja nasm # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -115,7 +115,7 @@ jobs: - name: Build netty-tcnative-boringssl-static run: ./mvnw.cmd --file pom.xml -am -pl boringssl-static clean package - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 if: ${{ failure() }} with: name: build-windows-target diff --git a/.github/workflows/ci-deploy.yml b/.github/workflows/ci-deploy.yml index d3e06e08d..fd0ef9d35 100644 --- a/.github/workflows/ci-deploy.yml +++ b/.github/workflows/ci-deploy.yml @@ -36,16 +36,16 @@ jobs: name: stage-snapshot-${{ matrix.setup }} steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main + uses: jlumbroso/free-disk-space@76866dbe54312617f00798d1762df7f43def6e5c # v1.2.0 with: # this might remove tools that are actually needed, # if set to "true" but frees about 6 GB tool-cache: false - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -54,7 +54,7 @@ jobs: stage-snapshot-${{ matrix.setup }}-m2-repository-cache- # Enable caching of Docker layers - - uses: jpribyl/action-docker-layer-caching@v0.1.1 + - uses: jpribyl/action-docker-layer-caching@c632825d12ec837065f49726ea27ddd40bcc7894 # v0.1.1 env: docker-cache-name: staging-${{ matrix.setup }}-cache-docker continue-on-error: true @@ -73,7 +73,7 @@ jobs: run: docker-compose ${{ matrix.docker-compose-run }} - name: Upload local staging directory - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ matrix.setup }}-local-staging path: ~/local-staging @@ -84,32 +84,32 @@ jobs: runs-on: windows-2019 name: stage-snapshot-windows-x86_64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Create local staging directory run: mkdir local-staging - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu - name: Add msbuild to PATH - uses: microsoft/setup-msbuild@v1.0.2 + uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1 - name: Configuring Developer Command Prompt - uses: ilammy/msvc-dev-cmd@v1 + uses: ilammy/msvc-dev-cmd@7315a94840631165970262a99c72cfb48a65d25d # v1.12.0 with: arch: x86_amd64 - name: Install tools - uses: crazy-max/ghaction-chocolatey@v1 + uses: crazy-max/ghaction-chocolatey@834401ba518bc98bb1bb936e421d37ae96c1a8a0 # v2.3.0 with: args: install ninja nasm # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -121,7 +121,7 @@ jobs: run: ./mvnw.cmd --file pom.xml -am -pl boringssl-static clean package org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DaltStagingDirectory=local-staging -DskipRemoteStaging=true -DskipTests=true - name: Upload local staging directory - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: windows-x86_64-local-staging path: boringssl-static/local-staging @@ -132,10 +132,10 @@ jobs: # Wait until we have staged everything needs: [stage-snapshot, stage-snapshot-windows] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu @@ -148,25 +148,25 @@ jobs: # Hardcode the staging artifacts that need to be downloaded. # These must match the matrix setups and windows build. There is currently no way to pull this out of the config. - name: Download windows_x86_64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: windows-x86_64-local-staging path: ~/windows-x86_64-local-staging - name: Download centos7-aarch64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: centos7-aarch64-local-staging path: ~/centos7-aarch64-local-staging - name: Download debian7-x86_64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: debian7-x86_64-local-staging path: ~/debian7-x86_64-local-staging - name: Download centos6-x86_64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: centos6-x86_64-local-staging path: ~/centos6-x86_64-local-staging @@ -184,7 +184,7 @@ jobs: cp -r ~/centos6-x86_64-local-staging/deferred/* ~/local-staging/deferred/ # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -193,7 +193,7 @@ jobs: deploy-stage-snapshot-m2-repository-cache- - - uses: s4u/maven-settings-action@v2.2.0 + - uses: s4u/maven-settings-action@60912582505985be4cc55d2b890eb32767f8de5f # v2.8.0 with: servers: | [{ diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml index 7373d494b..e870a6806 100644 --- a/.github/workflows/ci-pr.yml +++ b/.github/workflows/ci-pr.yml @@ -32,16 +32,16 @@ jobs: name: ${{ matrix.setup }} steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main + uses: jlumbroso/free-disk-space@76866dbe54312617f00798d1762df7f43def6e5c # v1.2.0 with: # this might remove tools that are actually needed, # if set to "true" but frees about 6 GB tool-cache: false - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 # Enable caching of Docker layers - - uses: jpribyl/action-docker-layer-caching@v0.1.1 + - uses: jpribyl/action-docker-layer-caching@c632825d12ec837065f49726ea27ddd40bcc7894 # v0.1.1 continue-on-error: true with: key: pr-${{ matrix.setup }}-docker-cache-{hash} @@ -49,7 +49,7 @@ jobs: pr-${{ matrix.setup }}-docker-cache- # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -66,7 +66,7 @@ jobs: - name: Checking for test failures run: ./.github/scripts/check_build_result.sh build.output - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 if: ${{ failure() }} with: name: build-pr-${{ matrix.setup }}-target @@ -78,29 +78,29 @@ jobs: runs-on: windows-2019 name: windows-x86_64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu - name: Add msbuild to PATH - uses: microsoft/setup-msbuild@v1.0.2 + uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1 - name: Configuring Developer Command Prompt - uses: ilammy/msvc-dev-cmd@v1 + uses: ilammy/msvc-dev-cmd@7315a94840631165970262a99c72cfb48a65d25d # v1.12.0 with: arch: x86_amd64 - name: Install tools - uses: crazy-max/ghaction-chocolatey@v1 + uses: crazy-max/ghaction-chocolatey@834401ba518bc98bb1bb936e421d37ae96c1a8a0 # v2.3.0 with: args: install ninja nasm # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -111,7 +111,7 @@ jobs: - name: Build netty-tcnative-boringssl-static run: ./mvnw.cmd --file pom.xml -am -pl boringssl-static clean package - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 if: ${{ failure() }} with: name: build-pr-windows-target diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 4b54d5387..ec4e23a53 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -17,12 +17,12 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: main - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu @@ -33,13 +33,13 @@ jobs: git config --global user.name "Netty Project Bot" - name: Install SSH key - uses: shimataro/ssh-key-action@v2 + uses: shimataro/ssh-key-action@685d0f20da72e4b53cc81d373a2ed0a867770e46 # v2.5.1 with: key: ${{ secrets.SSH_PRIVATE_KEY_PEM }} known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -56,7 +56,7 @@ jobs: run: ./.github/scripts/release_checkout_tag.sh release.properties - name: Upload workspace - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: prepare-release-workspace path: ${{ github.workspace }}/** @@ -83,14 +83,14 @@ jobs: steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main + uses: jlumbroso/free-disk-space@76866dbe54312617f00798d1762df7f43def6e5c # v1.2.0 with: # this might remove tools that are actually needed, # if set to "true" but frees about 6 GB tool-cache: false - name: Download release-workspace - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: prepare-release-workspace path: ./prepare-release-workspace/ @@ -99,7 +99,7 @@ jobs: run: chmod 755 ./prepare-release-workspace/mvnw - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu @@ -110,13 +110,13 @@ jobs: git config --global user.name "Netty Project Bot" - name: Install SSH key - uses: shimataro/ssh-key-action@v2 + uses: shimataro/ssh-key-action@685d0f20da72e4b53cc81d373a2ed0a867770e46 # v2.5.1 with: key: ${{ secrets.SSH_PRIVATE_KEY_PEM }} known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -125,7 +125,7 @@ jobs: stage-release-linux-${{ matrix.setup }}-m2-repository-cache- # Enable caching of Docker layers - - uses: jpribyl/action-docker-layer-caching@v0.1.1 + - uses: jpribyl/action-docker-layer-caching@c632825d12ec837065f49726ea27ddd40bcc7894 # v0.1.1 env: docker-cache-name: staging-${{ matrix.setup }}-cache-docker continue-on-error: true @@ -134,7 +134,7 @@ jobs: restore-keys: | ${{ runner.os }}-staging-${{ env.docker-cache-name }}- - - uses: s4u/maven-settings-action@v2.2.0 + - uses: s4u/maven-settings-action@60912582505985be4cc55d2b890eb32767f8de5f # v2.8.0 with: servers: | [{ @@ -159,7 +159,7 @@ jobs: run: docker-compose ${{ matrix.docker-compose-run }} - name: Upload local staging directory - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ matrix.setup }}-local-staging path: ~/local-staging @@ -179,7 +179,7 @@ jobs: contents: write steps: - name: Download release-workspace - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: prepare-release-workspace path: prepare-release-workspace @@ -190,39 +190,39 @@ jobs: git config --global user.name "Netty Project Bot" - name: Install SSH key - uses: shimataro/ssh-key-action@v2 + uses: shimataro/ssh-key-action@685d0f20da72e4b53cc81d373a2ed0a867770e46 # v2.5.1 with: key: ${{ secrets.SSH_PRIVATE_KEY_PEM }} known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu - name: Add msbuild to PATH - uses: microsoft/setup-msbuild@v1.0.2 + uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1 - name: Configuring Developer Command Prompt - uses: ilammy/msvc-dev-cmd@v1 + uses: ilammy/msvc-dev-cmd@7315a94840631165970262a99c72cfb48a65d25d # v1.12.0 with: arch: x86_amd64 - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@v3 + uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0 with: - gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} - name: Install tools - uses: crazy-max/ghaction-chocolatey@v1 + uses: crazy-max/ghaction-chocolatey@834401ba518bc98bb1bb936e421d37ae96c1a8a0 # v2.3.0 with: args: install ninja nasm # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -230,7 +230,7 @@ jobs: restore-keys: | staging-release-cache-windows-m2-repository- - - uses: s4u/maven-settings-action@v2.2.0 + - uses: s4u/maven-settings-action@60912582505985be4cc55d2b890eb32767f8de5f # v2.8.0 with: servers: | [{ @@ -244,7 +244,7 @@ jobs: run: ./mvnw --file pom.xml -Pstage -am -pl boringssl-static clean javadoc:jar package gpg:sign org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DaltStagingDirectory=local-staging -DskipRemoteStaging=true -DskipTests=true -D'checkstyle.skip=true' - name: Upload local staging directory - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: windows-x86_64-local-staging path: prepare-release-workspace/boringssl-static/local-staging @@ -264,7 +264,7 @@ jobs: contents: write steps: - name: Download release-workspace - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: prepare-release-workspace path: ./prepare-release-workspace/ @@ -273,7 +273,7 @@ jobs: run: chmod 755 ./prepare-release-workspace/mvnw - name: Set up JDK 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: java-version: 8 distribution: zulu @@ -284,7 +284,7 @@ jobs: git config --global user.name "Netty Project Bot" - name: Install SSH key - uses: shimataro/ssh-key-action@v2 + uses: shimataro/ssh-key-action@685d0f20da72e4b53cc81d373a2ed0a867770e46 # v2.5.1 with: key: ${{ secrets.SSH_PRIVATE_KEY_PEM }} known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} @@ -292,25 +292,25 @@ jobs: # Hardcode the staging artifacts that need to be downloaded. # These must match the matrix setups. There is currently no way to pull this out of the config. - name: Download windows-x86_64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: windows-x86_64-local-staging path: ~/windows-x86_64-local-staging - name: Download centos7-aarch64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: centos7-aarch64-local-staging path: ~/centos7-aarch64-local-staging - name: Download debian7-x86_64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: debian7-x86_64-local-staging path: ~/debian7-x86_64-local-staging - name: Download centos6-x86_64 staging directory - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: centos6-x86_64-local-staging path: ~/centos6-x86_64-local-staging @@ -322,7 +322,7 @@ jobs: run: bash ./.github/scripts/merge_local_staging.sh /home/runner/local-staging/staging ~/windows-x86_64-local-staging/staging ~/centos7-aarch64-local-staging/staging ~/debian7-x86_64-local-staging/staging ~/centos6-x86_64-local-staging/staging # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -331,7 +331,7 @@ jobs: deploy-staged-release-cache-m2-repository- - - uses: s4u/maven-settings-action@v2.2.0 + - uses: s4u/maven-settings-action@60912582505985be4cc55d2b890eb32767f8de5f # v2.8.0 with: servers: | [{ diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1227315ef..56e698ffd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -37,10 +37,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 # Cache .m2/repository - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 continue-on-error: true with: path: ~/.m2/repository @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -77,4 +77,4 @@ jobs: run: ./mvnw clean package -pl openssl-dynamic -DskipTests=true - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5