diff --git a/.github/workflows/_reusable_build.yml b/.github/workflows/_reusable_build.yml index dd24eff1..55e61b87 100644 --- a/.github/workflows/_reusable_build.yml +++ b/.github/workflows/_reusable_build.yml @@ -15,10 +15,10 @@ jobs: build: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: temurin java-version: 17 @@ -29,7 +29,7 @@ jobs: with: keeper-secret-config: ${{ secrets.KSM_CONFIG }} - - uses: docker/login-action@v3 + - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ${{ vars.BONITASOFT_DOCKER_REGISTRY }} username: ${{ env.JFROG_USER }} @@ -56,10 +56,10 @@ jobs: - '10.1.0' - '10.2.0' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: 17 distribution: temurin @@ -70,7 +70,7 @@ jobs: with: keeper-secret-config: ${{ secrets.KSM_CONFIG }} - - uses: docker/login-action@v3 + - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ${{ vars.BONITASOFT_DOCKER_REGISTRY }} username: ${{ env.JFROG_USER }} diff --git a/.github/workflows/check-commit-message.yml b/.github/workflows/check-commit-message.yml index 58ecfbd4..00eae6c7 100644 --- a/.github/workflows/check-commit-message.yml +++ b/.github/workflows/check-commit-message.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check Commit Type - uses: gsactions/commit-message-checker@v2 + uses: gsactions/commit-message-checker@16fa2d5de096ae0d35626443bcd24f1e756cafee # v2.0.0 with: pattern: '^\S+\((.+)\):\s(.+)$' flags: 'gm' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7a56ec8c..ad5c5689 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -36,11 +36,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -49,7 +49,7 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: 17 distribution: temurin @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -71,4 +71,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 878f4015..76d70dd6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,11 +15,11 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: ref: ${{ github.event.inputs.tag }} - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: temurin java-version: 17 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71b7afe5..7f09b928 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,12 +25,12 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: fetch-depth: "0" - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: temurin java-version: 17 diff --git a/.github/workflows/workflow-update-spec.yml b/.github/workflows/workflow-update-spec.yml index d23f4169..b0c62c42 100644 --- a/.github/workflows/workflow-update-spec.yml +++ b/.github/workflows/workflow-update-spec.yml @@ -18,9 +18,9 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: 17 distribution: temurin @@ -37,7 +37,7 @@ jobs: ./mvnw -B -ntp clean verify - name: Open Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 id: create-pr with: branch: feat/update-bonita-openapi-spec