diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index db4c4598843..df69c065569 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,15 +38,15 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -71,4 +71,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3 diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index e5625906476..94437e22d25 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "🔍 Check if we should skip publish" id: check_prevent_property run: | @@ -39,14 +39,14 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: ${{ matrix.java }} - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "🔨 Build project" @@ -63,14 +63,14 @@ jobs: runs-on: ubuntu-latest steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📤 Publish Snapshot Artifacts to Artifactory (repo.grails.org/libs-snapshot-local)" diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml index 0fe1d42d3f6..e98eb12b483 100644 --- a/.github/workflows/groovy-joint-workflow.yml +++ b/.github/workflows/groovy-joint-workflow.yml @@ -16,17 +16,17 @@ jobs: groovyVersion: ${{ steps.groovy-version.outputs.value }} steps: - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 - name: "🗄ī¸ Cache local Maven repository" - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: ~/.m2/repository key: cache-local-maven-${{ github.sha }} - name: "đŸ“Ĩ Checkout Grails Core to fetch Gradle Plugin versions it uses" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: sparse-checkout-cone-mode: false sparse-checkout: settings.gradle @@ -43,7 +43,7 @@ jobs: - name: "đŸ“Ĩ Checkout Groovy 4_0_X (Grails 7 and later)" run: git clone --depth 1 https://github.com/apache/groovy.git -b GROOVY_4_0_X --single-branch - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📝 Store Groovy version to use when building Grails" @@ -117,18 +117,18 @@ jobs: runs-on: ubuntu-latest steps: - name: "đŸ“Ĩ Checkout project" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "🗄ī¸ Restore local Maven repository from cache" - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: ~/.m2/repository key: cache-local-maven-${{ github.sha }} diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml index 796a586cdd5..d98bfc42fed 100644 --- a/.github/workflows/pre-release.yml +++ b/.github/workflows/pre-release.yml @@ -280,7 +280,7 @@ jobs: -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/${{ github.repository_owner }}/packages/maven/org.grails.grails-web-mvc || true - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "🛑 Set Prevent Snapshot Publishing Flag" if: ${{ github.event.inputs.preventSnapshots }} run: | @@ -298,12 +298,12 @@ jobs: echo "Publishing already disabled." fi - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'liberica' java-version: '17' - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - name: "⚙ Set version to ${{ github.event.inputs.targetVersion }}" diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml index f40a82c4567..a4b35828a54 100644 --- a/.github/workflows/release-notes.yml +++ b/.github/workflows/release-notes.yml @@ -19,6 +19,6 @@ jobs: runs-on: ubuntu-latest steps: - name: "📝 Update Release Draft" - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6 env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 23847105697..de7a11e6a72 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -274,7 +274,7 @@ jobs: -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/${{ github.repository_owner }}/packages/maven/org.grails.grails-web-mvc || true - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "⎌ Revert Prevent Snapshot Publishing Flag" run: | sed -i "s/^preventSnapshotPublish.*$/preventSnapshotPublish\=false/" gradle.properties @@ -290,12 +290,12 @@ jobs: echo "Publishing already enabled." fi - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📝 Store the target branch" @@ -361,17 +361,17 @@ jobs: contents: read # limit to read access steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.GH_TOKEN }} ref: v${{ needs.publish.outputs.release_version }} - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "đŸšĒ Nexus Staging Close And Release" diff --git a/.github/workflows/retry-release.yml b/.github/workflows/retry-release.yml index 9988e1b4bdb..8298e8dd8a3 100644 --- a/.github/workflows/retry-release.yml +++ b/.github/workflows/retry-release.yml @@ -20,7 +20,7 @@ jobs: GIT_USER_EMAIL: 'grails-build@users.noreply.github.com' steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: "v${{ github.event.inputs.release }}" token: ${{ secrets.GH_TOKEN }} @@ -30,7 +30,7 @@ jobs: distribution: liberica java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "📝 Store the target branch" diff --git a/.github/workflows/sdkman.yml b/.github/workflows/sdkman.yml index 013bd36160c..1dc8498fb77 100644 --- a/.github/workflows/sdkman.yml +++ b/.github/workflows/sdkman.yml @@ -12,17 +12,17 @@ jobs: contents: read steps: - name: "đŸ“Ĩ Checkout repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.GH_TOKEN }} ref: v${{ github.event.inputs.version }} - name: "☕ī¸ Setup JDK" - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: liberica java-version: 17 - name: "🐘 Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 with: develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - name: "🏆 Grails SDK Minor Release"