From d6d00c28a6176184a5898837ca81219a2a9d238a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:42:51 +0000 Subject: [PATCH] Pin all GitHub Actions uses directives to full commit SHA values Agent-Logs-Url: https://github.com/klibio/example.pde.rcp/sessions/02975099-177e-4a13-9ba7-b20bd6e5fcfb Co-authored-by: peterkir <250545+peterkir@users.noreply.github.com> --- .github/workflows/10_build-validation.yml | 54 ++++++++++---------- .github/workflows/20_snapshot-deployment.yml | 4 +- .github/workflows/30_release-deployment.yml | 4 +- .github/workflows/40_product-validation.yml | 14 ++--- .github/workflows/codeql.yml | 8 +-- .github/workflows/jekyll-gh-pages.yml | 10 ++-- 6 files changed, 47 insertions(+), 47 deletions(-) diff --git a/.github/workflows/10_build-validation.yml b/.github/workflows/10_build-validation.yml index 1a8a787..966b830 100644 --- a/.github/workflows/10_build-validation.yml +++ b/.github/workflows/10_build-validation.yml @@ -17,9 +17,9 @@ jobs: steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: 'temurin' java-version: | @@ -58,21 +58,21 @@ jobs: [[ $NUM_REPO_SDK -ne 0 ]] & echo "sdk repo existing!" - name: upload repo.binary - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: repo.binary path: releng/repo.binary/target/repo.binary-*.zip if-no-files-found: warn - name: upload repo.sdk - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: repo.sdk path: releng/repo.sdk/target/repo.sdk-*.zip if-no-files-found: warn - name: upload repo.products - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: repo.products path: releng/products/target/**/**/products-*.zip @@ -200,7 +200,7 @@ jobs: - name: upload styled test and coverage reports if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: ci-reports-styled path: .ci-reports/** @@ -208,147 +208,147 @@ jobs: - name: upload coverage html if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: coverage-html path: tests/example.rcp.tests.reports/target/site/** if-no-files-found: warn - name: upload feature-product linux x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.feature.product-linux.gtk.x86_64 path: releng/products/target/**/**/example.rcp.app.ui.feature.product-*linux.gtk.x86_64.tar.gz if-no-files-found: warn - name: upload feature-product linux aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.feature.product-linux.gtk.aarch64 path: releng/products/target/**/example.rcp.app.ui.feature.product-*linux.gtk.aarch64.tar.gz if-no-files-found: warn - name: upload feature-product macosx x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.feature.product-macosx.cocoa.x86_64 path: releng/products/target/**/example.rcp.app.ui.feature.product-*macosx.cocoa.x86_64.tar.gz if-no-files-found: warn - name: upload feature-product macosx aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.feature.product-macosx.cocoa.aarch64 path: releng/products/target/**/example.rcp.app.ui.feature.product-*macosx.cocoa.aarch64.tar.gz if-no-files-found: warn - name: upload feature-product win32 x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.feature.product-win32.win32.x86_64 path: releng/products/target/**/example.rcp.app.ui.feature.product-*win32.win32.x86_64.zip if-no-files-found: warn - name: upload plugin-product linux x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.plugin.product-linux.gtk.x86_64 path: releng/products/target/**/example.rcp.app.ui.plugin.product-*linux.gtk.x86_64.tar.gz if-no-files-found: warn - name: upload plugin-product linux aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.plugin.product-linux.gtk.aarch64 path: releng/products/target/**/example.rcp.app.ui.plugin.product-*linux.gtk.aarch64.tar.gz if-no-files-found: warn - name: upload plugin-product macosx x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.plugin.product-macosx.cocoa.x86_64 path: releng/products/target/**/example.rcp.app.ui.plugin.product-*macosx.cocoa.x86_64.tar.gz if-no-files-found: warn - name: upload plugin-product macosx aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.plugin.product-macosx.cocoa.aarch64 path: releng/products/target/**/example.rcp.app.ui.plugin.product-*macosx.cocoa.aarch64.tar.gz if-no-files-found: warn - name: upload plugin-product win32 x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.plugin.product-win32.win32.x86_64 path: releng/products/target/**/example.rcp.app.ui.plugin.product-*win32.win32.x86_64.zip if-no-files-found: warn - name: upload mixed-product linux x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.mixed.product-linux.gtk.x86_64 path: releng/products/target/**/example.rcp.app.ui.mixed.product-*linux.gtk.x86_64.tar.gz if-no-files-found: warn - name: upload mixed-product linux aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.mixed.product-linux.gtk.aarch64 path: releng/products/target/**/example.rcp.app.ui.mixed.product-*linux.gtk.aarch64.tar.gz if-no-files-found: warn - name: upload mixed-product macosx x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.mixed.product-macosx.cocoa.x86_64 path: releng/products/target/**/example.rcp.app.ui.mixed.product-*macosx.cocoa.x86_64.tar.gz if-no-files-found: warn - name: upload mixed-product macosx aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.mixed.product-macosx.cocoa.aarch64 path: releng/products/target/**/example.rcp.app.ui.mixed.product-*macosx.cocoa.aarch64.tar.gz if-no-files-found: warn - name: upload mixed-product win32 x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.app.ui.mixed.product-win32.win32.x86_64 path: releng/products/target/**/example.rcp.app.ui.mixed.product-*win32.win32.x86_64.zip if-no-files-found: warn - name: upload headless-product linux x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.headless.feature.product-linux.gtk.x86_64 path: releng/products/target/**/example.rcp.headless.feature.product-*linux.gtk.x86_64.tar.gz if-no-files-found: warn - name: upload headless-product linux aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.headless.feature.product-linux.gtk.aarch64 path: releng/products/target/**/example.rcp.headless.feature.product-*linux.gtk.aarch64.tar.gz if-no-files-found: warn - name: upload headless-product macosx x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.headless.feature.product-macosx.cocoa.x86_64 path: releng/products/target/**/example.rcp.headless.feature.product-*macosx.cocoa.x86_64.tar.gz if-no-files-found: warn - name: upload headless-product macosx aarch64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.headless.feature.product-macosx.cocoa.aarch64 path: releng/products/target/**/example.rcp.headless.feature.product-*macosx.cocoa.aarch64.tar.gz if-no-files-found: warn - name: upload headless-product win32 x86_64 - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: example.rcp.headless.feature.product-win32.win32.x86_64 path: releng/products/target/**/example.rcp.headless.feature.product-*win32.win32.x86_64.zip diff --git a/.github/workflows/20_snapshot-deployment.yml b/.github/workflows/20_snapshot-deployment.yml index 0dd13d6..088d27e 100644 --- a/.github/workflows/20_snapshot-deployment.yml +++ b/.github/workflows/20_snapshot-deployment.yml @@ -19,9 +19,9 @@ jobs: steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: 'temurin' java-version: | diff --git a/.github/workflows/30_release-deployment.yml b/.github/workflows/30_release-deployment.yml index f6f75c3..90e62a6 100644 --- a/.github/workflows/30_release-deployment.yml +++ b/.github/workflows/30_release-deployment.yml @@ -26,9 +26,9 @@ jobs: steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: 'temurin' java-version: | diff --git a/.github/workflows/40_product-validation.yml b/.github/workflows/40_product-validation.yml index 8251874..ff6569c 100644 --- a/.github/workflows/40_product-validation.yml +++ b/.github/workflows/40_product-validation.yml @@ -37,9 +37,9 @@ jobs: steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: 'temurin' java-version: '21' @@ -73,7 +73,7 @@ jobs: # Download platform-specific product archives # ---------------------------------------------------------------- - name: download feature product (${{ matrix.platform }}) - uses: dawidd6/action-download-artifact@v19 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: 10_build-validation.yml workflow_conclusion: success @@ -82,7 +82,7 @@ jobs: path: artifacts/feature - name: download plugin product (${{ matrix.platform }}) - uses: dawidd6/action-download-artifact@v19 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: 10_build-validation.yml workflow_conclusion: success @@ -91,7 +91,7 @@ jobs: path: artifacts/plugin - name: download mixed product (${{ matrix.platform }}) - uses: dawidd6/action-download-artifact@v19 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: 10_build-validation.yml workflow_conclusion: success @@ -100,7 +100,7 @@ jobs: path: artifacts/mixed - name: download headless product (${{ matrix.platform }}) - uses: dawidd6/action-download-artifact@v19 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: 10_build-validation.yml workflow_conclusion: success @@ -459,7 +459,7 @@ jobs: # ---------------------------------------------------------------- - name: upload product logs if: always() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: product-logs-${{ matrix.platform }} path: products/**/*.log diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0055108..8fd667c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,15 +19,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: 'temurin' java-version: '21' - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: languages: java @@ -46,6 +46,6 @@ jobs: continue-on-error: true - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: category: "/language:java" diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml index 71888df..aad5447 100644 --- a/.github/workflows/jekyll-gh-pages.yml +++ b/.github/workflows/jekyll-gh-pages.yml @@ -34,18 +34,18 @@ jobs: if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Inject source revision for docs run: 'echo "source_revision: ${GITHUB_SHA}" >> _doc/_config.yml' - name: Setup Pages - uses: actions/configure-pages@v6 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6 - name: Build with Jekyll - uses: actions/jekyll-build-pages@v1 + uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1 with: source: ./_doc destination: ./_site - name: Upload artifact - uses: actions/upload-pages-artifact@v4 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 # Deployment job deploy: @@ -57,4 +57,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v5 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5