diff --git a/.github/actions/action-build-image/action.yml b/.github/actions/action-build-image/action.yml index 3338225..3c71c31 100644 --- a/.github/actions/action-build-image/action.yml +++ b/.github/actions/action-build-image/action.yml @@ -36,13 +36,13 @@ runs: using: "composite" steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download a single artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ inputs.artifact-name }} - name: Login to Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: ${{ inputs.registry }} username: ${{ inputs.registry-username }} @@ -50,13 +50,13 @@ runs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 with: images: "${{ inputs.registry }}/${{ github.repository }}/${{ inputs.image-name }}" tags: ${{inputs.image-tags}} labels: ${{inputs.image-labels}} - name: Build and push image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 with: context: ./${{ inputs.path }} push: true diff --git a/.github/actions/action-codeql/action.yml b/.github/actions/action-codeql/action.yml index 6f454b8..0304790 100644 --- a/.github/actions/action-codeql/action.yml +++ b/.github/actions/action-codeql/action.yml @@ -31,7 +31,7 @@ runs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK if: inputs.codeql-language == 'java-kotlin' && inputs.codeql-buildmode == 'autobuild' - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: java-version: ${{ inputs.java-version }} distribution: "temurin" diff --git a/.github/actions/action-maven-build/action.yml b/.github/actions/action-maven-build/action.yml index 3202d10..64815e6 100644 --- a/.github/actions/action-maven-build/action.yml +++ b/.github/actions/action-maven-build/action.yml @@ -16,9 +16,9 @@ runs: using: "composite" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: java-version: ${{ inputs.java-version }} distribution: "temurin" @@ -32,7 +32,7 @@ runs: shell: bash - id: upload-artifact name: "Upload Artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: ${{steps.artifact-name.outputs.artifact-name}} path: "**/target" diff --git a/.github/actions/action-maven-release/action.yml b/.github/actions/action-maven-release/action.yml index f5867e4..d21df3a 100644 --- a/.github/actions/action-maven-release/action.yml +++ b/.github/actions/action-maven-release/action.yml @@ -26,9 +26,9 @@ runs: steps: # Checkout source code, set up Java, etc. Then... - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: java-version: ${{ inputs.java-version }} distribution: "temurin" @@ -49,7 +49,7 @@ runs: run: echo "artifact-name=${{hashFiles(format('./{0}/pom.xml', inputs.app-path))}}" >> "$GITHUB_OUTPUT" shell: bash - name: "Upload Artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: ${{steps.artifact-name.outputs.artifact-name}} path: "**/target" diff --git a/.github/actions/action-npm-build/action.yml b/.github/actions/action-npm-build/action.yml index 978374e..545262a 100644 --- a/.github/actions/action-npm-build/action.yml +++ b/.github/actions/action-npm-build/action.yml @@ -15,9 +15,9 @@ outputs: runs: using: "composite" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: ${{ inputs.node-version }} cache: "npm" @@ -38,7 +38,7 @@ runs: run: echo "artifact-name=${{hashFiles(format('./{0}/package.json', matrix.app-path))}}" >> "$GITHUB_OUTPUT" shell: bash - name: "Upload Artifact" - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: ${{steps.artifact-name.outputs.artifact-name}} path: "**/dist" diff --git a/.github/workflows/reuseable-template-deploy-pages.yml b/.github/workflows/reuseable-template-deploy-pages.yml index a1782ff..75fc25d 100644 --- a/.github/workflows/reuseable-template-deploy-pages.yml +++ b/.github/workflows/reuseable-template-deploy-pages.yml @@ -28,23 +28,23 @@ jobs: working-directory: ${{ inputs.sub-path }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # Not needed if lastUpdated is not enabled - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: 20 cache: npm # or pnpm / yarn cache-dependency-path: "${{ inputs.sub-path }}/package-lock.json" - name: Setup Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 - name: Install dependencies run: npm ci # or pnpm install / yarn install / bun install - name: Build with VitePress run: npm run docs:build # or pnpm docs:build / yarn docs:build / bun run docs:build - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: ${{ inputs.sub-path }}/docs/.vitepress/dist @@ -59,4 +59,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/workflow-templates/ release-maven-image.yaml b/workflow-templates/ release-maven-image.yaml index bafe5ff..97346b8 100644 --- a/workflow-templates/ release-maven-image.yaml +++ b/workflow-templates/ release-maven-image.yaml @@ -57,7 +57,7 @@ jobs: steps: - name: Create GitHub Release id: create_release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 with: tag_name: ${{needs.release-maven.outputs.MVN_ARTIFACT_ID}}-${{ github.event.inputs.releaseVersion }} draft: false diff --git a/workflow-templates/dependency-review.yaml b/workflow-templates/dependency-review.yaml index 273bef7..711caf1 100644 --- a/workflow-templates/dependency-review.yaml +++ b/workflow-templates/dependency-review.yaml @@ -8,8 +8,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Dependency Review - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4 with: config-file: it-at-m/.github/workflow-configs/dependency_review.yaml@main diff --git a/workflow-templates/maven-node-build.yaml b/workflow-templates/maven-node-build.yaml index 8290d51..2eafee9 100644 --- a/workflow-templates/maven-node-build.yaml +++ b/workflow-templates/maven-node-build.yaml @@ -13,7 +13,7 @@ jobs: - app-path: # z. B. refarch-eai - app-path: # z. B. refarch-webcomponent steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - if: ${{hashFiles(format('./{0}/package.json', matrix.app-path))!=null}} id: node uses: it-at-m/.github/.github/actions/action-npm-build@main