From 0c466066bf1db1aff73e8392e2578e96b0d51400 Mon Sep 17 00:00:00 2001 From: Andrew Gunnerson Date: Fri, 13 Dec 2024 18:57:10 -0500 Subject: [PATCH] Update Github Actions actions and pin to specific commits Signed-off-by: Andrew Gunnerson --- .github/workflows/ci.yml | 15 +++++++-------- .github/workflows/deny.yml | 5 ++--- .github/workflows/release.yml | 5 ++--- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b5f4f5..1b99c46 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,3 @@ ---- on: push: branches: @@ -10,15 +9,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true - name: Validate gradle wrapper checksum - uses: gradle/actions/wrapper-validation@v3 + uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1 - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 with: distribution: 'temurin' java-version: 21 @@ -38,7 +37,7 @@ jobs: rustup target add x86_64-linux-android - name: Cache Rust dependencies - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 # We currently use the old eagerly evaluated android.ndkDirectory value in # app/build.gradle.kts instead of the new lazily evaluated @@ -87,7 +86,7 @@ jobs: android_api: '31' steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # For git describe fetch-depth: 0 @@ -116,7 +115,7 @@ jobs: done - name: Cache Rust dependencies - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 with: key: ${{ matrix.artifact.name }} @@ -165,7 +164,7 @@ jobs: esac - name: Archive artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: custota-tool-${{ steps.get_version.outputs.version }}-${{ matrix.artifact.name }} path: | diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml index 3386d9b..4b3ddc7 100644 --- a/.github/workflows/deny.yml +++ b/.github/workflows/deny.yml @@ -1,4 +1,3 @@ ---- name: cargo-deny on: push: @@ -11,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run cargo-deny - uses: EmbarkStudios/cargo-deny-action@v1 + uses: EmbarkStudios/cargo-deny-action@e2f4ede4a4e60ea15ff31bc0647485d80c66cfba # v2.0.4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9c39c4d..718894d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,3 @@ ---- on: push: # Uncomment to test against a branch @@ -24,10 +23,10 @@ jobs: echo "version=${version}" >> "${GITHUB_OUTPUT}" - name: Check out repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: tag_name: v${{ steps.get_version.outputs.version }} name: Version ${{ steps.get_version.outputs.version }}