From 55712d48e8379fee5148ff9e6f6dad43062781f2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 11 Jul 2024 21:35:30 +0000
Subject: [PATCH] deps: pin dependencies
---
 .github/workflows/build-and-test.yml | 40 ++++++++++++------------
 .github/workflows/docker-build.yml | 18 +++++------
 .github/workflows/release.yml | 6 ++--
 .github/workflows/scorecard-analysis.yml | 6 ++--
 .github/workflows/static-analysis.yml | 32 +++++++++----------
 .github/workflows/wrapper-validation.yml | 4 +--
 6 files changed, 53 insertions(+), 53 deletions(-)
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 7b1b75819cd60..7d63d29a94e9f 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -18,9 +18,9 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Build all classes
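Review bot: The trailing `# v4` / `# v3` comments on the pinned `uses:` lines, here on the Checkout Repository and Setup Gradle steps and in the other hunks that pin a major tag, name only the moving tag, so the file does not record which release each SHA is. I would write the exact release in the comment, e.g. `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # vX.Y.Z` (placeholder; take the tag from the upstream repository), so that later digest updates read as a version change. Before merging, each SHA should be confirmed to be the commit that tag points to in the action's own repository, because GitHub also resolves SHAs that exist only in a fork of it. The job's step list starts and continues outside this hunk.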
@@ -33,39 +33,39 @@ jobs:
 security-events: write
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
 with:
 languages: java
 tools: linked
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Build all classes
 run: ./gradlew -Dorg.gradle.jvmargs=-Xmx1g classes
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
 test:
 needs: build
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Run unit tests
 run: ./gradlew --scan test jacocoTestReport
 - name: Create Test Summary
- uses: test-summary/action@v2
+ uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2
 with:
 paths: "**/test-results/**/TEST-*.xml"
 if: always()
 - name: Upload code coverage data
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 flags: test
@@ -74,7 +74,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 submodules: recursive
 - name: Set tool version environment variables
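Review bot: On the Upload code coverage data step of the `test` job in the hunk at -33 (and the same step in the hunks at -105 and -158), the SHA pin covers the `codecov/codecov-action` wrapper only; as far as I know v4 of that action downloads its uploader at run time, so `secrets.CODECOV_TOKEN` is still passed to code outside this pin. The line itself is fine, but the limit of the pin should be written down, for example `# SHA pins the action wrapper only, not the uploader it downloads at run time` above the step. The same caveat applies to any pinned action that fetches tools when it runs. The rest of the `test` job lies outside the hunk.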
@@ -105,18 +105,18 @@ jobs:
 curl -Os https://raw.githubusercontent.com/nexB/scancode-toolkit/v$SCANCODE_VERSION/requirements.txt
 pip install --no-cache-dir --constraint requirements.txt scancode-toolkit==$SCANCODE_VERSION
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Run functional tests that do not require external tools
 run: ./gradlew --scan -Ptests.exclude=org.ossreviewtoolkit.plugins.packagemanagers.* funTest jacocoFunTestReport
 - name: Create Test Summary
- uses: test-summary/action@v2
+ uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2
 with:
 paths: "**/test-results/**/TEST-*.xml"
 if: always()
 - name: Upload code coverage data
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 flags: funTest-non-docker
@@ -124,15 +124,15 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 submodules: recursive
 - name: Free Disk Space
 uses: ./.github/actions/free-disk-space
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3
 - name: Build ORT Docker Image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6
 with:
 context: .
 load: true
@@ -140,7 +140,7 @@ jobs:
 target: all-tools
 cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ github.repository_owner }}/ort:cache
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Run functional tests that do require external tools
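Review bot: In the hunk at -105 the two context lines above Setup Gradle still fetch `requirements.txt` with `curl -Os` and pass it to `pip install --constraint`, so this job keeps an install path with no integrity check while the actions around it are now pinned by digest. `curl -Os` without `-f` also saves an HTTP error body to disk instead of failing the step; `curl -fsSO https://raw.githubusercontent.com/nexB/scancode-toolkit/v$SCANCODE_VERSION/requirements.txt` would stop there. Whether the constraints file carries hashes is not visible here; if it does not, versions are fixed but artifacts are not. The `npm install -g markdownlint-rule-max-one-sentence-per-line@0.0.2` line in the static-analysis.yml hunk at -71 is the same case. The `run:` block starts outside this hunk.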
@@ -158,12 +158,12 @@ jobs:
 ${{ env.TEST_IMAGE_TAG }} \
 -c "./gradlew --scan -Ptests.include=org.ossreviewtoolkit.plugins.packagemanagers.* funTest jacocoFunTestReport"
 - name: Create Test Summary
- uses: test-summary/action@v2
+ uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2
 with:
 paths: "**/test-results/**/TEST-*.xml"
 if: always()
 - name: Upload code coverage data
- uses: codecov/codecov-action@v4
+ uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 flags: funTest-docker
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 5342ba83f3ca9..95cf4f3efcb82 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -21,13 +21,13 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 fetch-depth: 0
 - name: Free Disk Space
 uses: ./.github/actions/free-disk-space
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Get ORT version
@@ -35,16 +35,16 @@ jobs:
 ORT_VERSION=$(./gradlew -q properties --property version | sed -nr "s/version: (.+)/\1/p")
 echo "ORT_VERSION=${ORT_VERSION}" >> $GITHUB_ENV
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
+ uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Extract Metadata for 'ort' Docker Image
 id: meta-ort
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
 with:
 images: |
 ${{ env.REGISTRY }}/${{ github.repository_owner }}/ort
@@ -56,7 +56,7 @@ jobs:
 type=sha
 - name: Build & Push 'ort' Docker Image
 if: ${{ github.event_name != 'pull_request' }}
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6
 with:
 context: .
 push: true
@@ -67,7 +67,7 @@ jobs:
 build-args: ORT_VERSION=${{ env.ORT_VERSION }}
 - name: Build 'ort' Docker Image
 if: ${{ github.event_name == 'pull_request' }}
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6
 with:
 context: .
 tags: ${{ steps.meta-ort.outputs.tags }}
@@ -76,7 +76,7 @@ jobs:
 build-args: ORT_VERSION=${{ env.ORT_VERSION }}
 - name: Extract Metadata for 'ort-minimal' Docker Image
 id: meta-ort-minimal
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
 with:
 images: |
 ${{ env.REGISTRY }}/${{ github.repository_owner }}/ort-minimal
@@ -87,7 +87,7 @@ jobs:
 type=ref,event=tag
 type=sha
 - name: Build & Push 'ort-minimal' Docker Image
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6
 with:
 context: .
 # Do not "cache-to" here to not overwrite additional layers from the "full" image, which also contains all
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a28ee0dad4d49..a37673a3847c1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,12 +25,12 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 ref: ${{ env.ORT_VERSION }}
 fetch-depth: 0
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Publish to OSSRH
@@ -56,7 +56,7 @@ jobs:
 ./cli/build/distributions/ort-$ORT_VERSION.{tgz,zip}* \
 ./helper-cli/build/distributions/orth-$ORT_VERSION.{tgz,zip}*
 - name: Attest Build Provenance
- uses: actions/attest-build-provenance@v1
+ uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1
 with:
 subject-path: |
 ./cli/build/distributions/ort-${{ env.ORT_VERSION }}.tgz
diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml
index 8c8ae81a329ac..bf3386d0c7ddd 100644
--- a/.github/workflows/scorecard-analysis.yml
+++ b/.github/workflows/scorecard-analysis.yml
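Review bot: In the release.yml hunk at -25 the pinned Checkout Repository step sets `ref` and `fetch-depth: 0` but not `persist-credentials: false`, so the job token stays in the checkout's git config for the Gradle and publishing steps that follow. The scorecard-analysis.yml hunk in this same patch already sets it; unless a later step pushes with that token (not visible here), I would add `persist-credentials: false` under `with:` here and on the other checkout steps whose `with:` block is shown. The rest of the release job lies outside the hunk.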
@@ -20,16 +20,16 @@ jobs:
 id-token: write
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 persist-credentials: false
 - name: Run Analysis
- uses: ossf/scorecard-action@v2.3.3
+ uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
 with:
 results_file: ossf-results.sarif
 results_format: sarif
 publish_results: true
 - name: Upload Code Scanning Results
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
 with:
 sarif_file: ossf-results.sarif
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index c76a98d65ebae..cd19d4e3b4b60 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -16,20 +16,20 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 fetch-depth: 0
 - name: Check Commit Messages
- uses: wagoid/commitlint-github-action@v6
+ uses: wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6
 with:
 configFile: .commitlintrc.yml
 code-base-checks:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Check copyrights, license headers, and .gitattributes
@@ -41,9 +41,9 @@ jobs:
 security-events: write
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@v3
+ uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3
 with:
 gradle-home-cache-cleanup: true
 - name: Check for Detekt Issues
@@ -51,7 +51,7 @@ jobs:
 - name: Check for Detekt Issues with type resolution
 run: ./gradlew detektMain detektTestFixtures detektTest detektFunTest
 - name: Upload SARIF File
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
 if: always() # Upload even if the previous step failed.
 with:
 sarif_file: build/reports/detekt/merged.sarif
@@ -59,9 +59,9 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Check Links
- uses: gaurav-nelson/github-action-markdown-link-check@v1
+ uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
 with:
 base-branch: main
 check-modified-files-only: yes
@@ -71,11 +71,11 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 fetch-depth: 0
 - name: Setup Node
- uses: actions/setup-node@v4
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
 - name: Check for Markdown issues
 run: |
 npm install -g markdownlint-rule-max-one-sentence-per-line@0.0.2
@@ -88,25 +88,25 @@ jobs:
 security-events: write
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 with:
 fetch-depth: 0
 - name: Qodana Scan
- uses: JetBrains/qodana-action@v2024.1.8
+ uses: JetBrains/qodana-action@c96b39a84dea25f2a24b38a3f6e89903306d5e2a # v2024.1.8
 with:
 post-pr-comment: false
 use-caches: false
 - name: Upload Code Scanning Results
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
 with:
 sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
 reuse-tool:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Setup Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
 with:
 python-version: "3.10"
 cache: pip
diff --git a/.github/workflows/wrapper-validation.yml b/.github/workflows/wrapper-validation.yml
index 9c7fce650c07d..ef90ad1a0df83 100644
--- a/.github/workflows/wrapper-validation.yml
+++ b/.github/workflows/wrapper-validation.yml
@@ -13,6 +13,6 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Validate Wrapper
- uses: gradle/actions/wrapper-validation@v3
+ uses: gradle/actions/wrapper-validation@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3