diff --git a/.github/workflows/publish_main_snapshot.yml b/.github/workflows/publish_main_snapshot.yml index d1f38cf..c45e7f5 100644 --- a/.github/workflows/publish_main_snapshot.yml +++ b/.github/workflows/publish_main_snapshot.yml @@ -8,9 +8,9 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4 - name: Set up JDK 11 - uses: actions/setup-java@v4 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v4 with: distribution: 'temurin' java-version: '11' diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml index ce8825e..532ddf6 100644 --- a/.github/workflows/publish_release.yml +++ b/.github/workflows/publish_release.yml @@ -9,9 +9,9 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4 - name: Set up JDK 11 - uses: actions/setup-java@v4 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v4 with: distribution: 'temurin' java-version: '11' diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 942848d..ea26c5f 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -8,10 +8,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: gradle/wrapper-validation-action@v1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4 + - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # pin@v1 - name: Set up JDK 11 - uses: actions/setup-java@v4 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v4 with: distribution: 'temurin' java-version: '11' diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml index eaa3e96..520c5c0 100644 --- a/.github/workflows/repolinter.yml +++ b/.github/workflows/repolinter.yml @@ -6,7 +6,7 @@ name: Repolinter Action # Currently there is no elegant way to specify the default # branch in the event filtering, so branches are instead # filtered in the "Test Default Branch" step. -on: [push, workflow_dispatch] +on: [ push, workflow_dispatch ] jobs: repolint: @@ -15,17 +15,17 @@ jobs: steps: - name: Test Default Branch id: default-branch - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pin@v7 with: script: | const data = await github.rest.repos.get(context.repo) return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0] - name: Checkout Self if: ${{ steps.default-branch.outputs.result == 'true' }} - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4 - name: Run Repolinter if: ${{ steps.default-branch.outputs.result == 'true' }} - uses: newrelic/repolinter-action@v1 + uses: newrelic/repolinter-action@3f4448f855c351e9695b24524a4111c7847b84cb # pin@v1 with: config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-plus.yml output_type: issue diff --git a/.github/workflows/snyk_scan.yml b/.github/workflows/snyk_scan.yml index 37ef540..f6acdd6 100644 --- a/.github/workflows/snyk_scan.yml +++ b/.github/workflows/snyk_scan.yml @@ -6,7 +6,7 @@ name: Snyk Vulnerability Scan on: workflow_dispatch: schedule: - - cron: '00 15 * * 1' + - cron: '00 15 * * 1' push: branches: - main @@ -16,12 +16,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4 with: ref: 'main' - + - name: Run Snyk To Check For Vulnerabilities - uses: snyk/actions/gradle-jdk11@master + uses: snyk/actions/gradle-jdk11@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8 # pin@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: