From 3d65923194f2b6fd60f5927410aefd7484c21899 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 10 Sep 2025 08:34:19 +0200 Subject: [PATCH 1/4] Update ghasum version and action template --- .github/actions/ghasum/action.yml | 201 +++++++++++++++++++++++++++--- 1 file changed, 181 insertions(+), 20 deletions(-) diff --git a/.github/actions/ghasum/action.yml b/.github/actions/ghasum/action.yml index d7d463295..7cceccfde 100644 --- a/.github/actions/ghasum/action.yml +++ b/.github/actions/ghasum/action.yml @@ -5,43 +5,204 @@ inputs: description: Update or verify checksums. Valid options are "update" and "verify". required: false default: "verify" + checksum: + description: The checksum of the ghasum checksums file + required: false + default: 95d891957f28101aff06353c1dd74dd98145327ea568eb9d81e80a4bfd623ddaed461eb55b34148ec977ea92f57f01cbf7949682947d7586fcb31a47c725aca2 # Set the 'checksums-sha512.txt' file's checksum. + version: + description: The version of ghasum to use + required: false + default: v0.6.0 # Set the ghasum version. runs: using: composite steps: - - name: Downloading ghasum + # Unix download + - name: Initialize ghasum directory + if: runner.os == 'macOS' || runner.os == 'Linux' + shell: bash + run: mkdir -p /tmp/ghasum + - name: Download ghasum checksums + if: runner.os == 'macOS' || runner.os == 'Linux' + shell: bash + working-directory: /tmp/ghasum env: - VERSION: v0.5.1 - CHECKSUM: 57270991fee8c7e0f00f5d27c36f514c1743621f11bd53685c3153477a4929de2851f2fb7d4a3f5b2a68c85203b35759d580a023544665b466a3298047034c64 + CHECKSUM: ${{ inputs.checksum }} GH_TOKEN: ${{ github.token }} + VERSION: ${{ inputs.version }} run: | - # Download the ghasum CLI - ARTIFACT="ghasum_linux_amd64.tar.gz" - gh release download "${VERSION}" --repo chains-project/ghasum --pattern "${ARTIFACT}" - echo "${CHECKSUM} ${ARTIFACT}" | shasum -a 512 -c - - tar -xf "${ARTIFACT}" + ARTIFACT='checksums-sha512.txt' + gh release download "$VERSION" --repo chains-project/ghasum --pattern "$ARTIFACT" + echo "$CHECKSUM $ARTIFACT" | shasum -a 256 -c - - shell: bash + # Windows download + - name: Initialize ghasum directory + if: runner.os == 'Windows' + shell: pwsh + run: mkdir C:\ghasum + - name: Download ghasum checksums + if: runner.os == 'Windows' + shell: pwsh + working-directory: C:\ghasum + env: + CHECKSUM: ${{ inputs.checksum }} + GH_TOKEN: ${{ github.token }} + VERSION: ${{ inputs.version }} + run: | + $ARTIFACT = "checksums-sha512.txt" + gh release download "$env:VERSION" --repo chains-project/ghasum --pattern "$ARTIFACT" + if ((Get-FileHash -Algorithm SHA256 "$ARTIFACT").Hash -ne "$env:CHECKSUM") { + Write-Error 'Checksum mismatch!' + exit 1 + } else { + Write-Host 'Checksum match' + } - - name: Verifying action checksums - if: inputs.mode == 'verify' + # macOS + - name: Pick the ghasum CLI (amd64) + if: runner.os == 'macOS' && runner.arch == 'X64' + id: pick-macos-amd64 + shell: bash + run: echo 'artifact=ghasum_darwin_amd64.tar.gz' >>"$GITHUB_OUTPUT" + - name: Pick the ghasum CLI (arm64) + if: runner.os == 'macOS' && runner.arch == 'ARM64' + id: pick-macos-arm64 + shell: bash + run: echo 'artifact=ghasum_darwin_arm64.tar.gz' >>"$GITHUB_OUTPUT" + - name: Download the ghasum CLI + if: runner.os == 'macOS' + shell: bash + working-directory: /tmp/ghasum + env: + ARTIFACT: ${{ steps.pick-macos-amd64.outputs.artifact || steps.pick-macos-arm64.outputs.artifact }} + GH_TOKEN: ${{ github.token }} + VERSION: ${{ inputs.version }} + run: | + gh release download "$VERSION" --repo chains-project/ghasum --pattern "$ARTIFACT" + shasum --check --ignore-missing checksums-sha512.txt + tar -xf "$ARTIFACT" + - name: Verify the action checksums + if: runner.os == 'macOS' && inputs.mode == 'verify' + shell: bash env: JOB: ${{ github.job }} WORKFLOW: ${{ github.workflow_ref }} run: | - # Verify the action checksums - WORKFLOW=$(echo "${WORKFLOW}" | cut -d '@' -f 1 | cut -d '/' -f 3-5) - ./ghasum verify -cache /home/runner/work/_actions -no-evict -offline "${WORKFLOW}:${JOB}" + WORKFLOW=$(echo "$WORKFLOW" | cut -d '@' -f 1 | cut -d '/' -f 3-5) + /tmp/ghasum/ghasum verify -cache /Users/runner/work/_actions -no-evict -offline "$WORKFLOW:$JOB" + - name: Updating action checksums + if: runner.os == 'macOS' && inputs.mode == 'update' shell: bash + run: | + /tmp/ghasum/ghasum update -force - - name: Updating action checksums - if: inputs.mode == 'update' + # Linux + - name: Pick the ghasum CLI (amd64) + if: runner.os == 'Linux' && runner.arch == 'X64' + id: pick-linux-amd64 + shell: bash + run: echo 'artifact=ghasum_linux_amd64.tar.gz' >>"$GITHUB_OUTPUT" + - name: Pick the ghasum CLI (arm64) + if: runner.os == 'Linux' && runner.arch == 'ARM64' + id: pick-linux-arm64 + shell: bash + run: echo 'artifact=ghasum_linux_arm64.tar.gz' >>"$GITHUB_OUTPUT" + - name: Download the ghasum CLI + if: runner.os == 'Linux' + shell: bash + working-directory: /tmp/ghasum + env: + ARTIFACT: ${{ steps.pick-linux-amd64.outputs.artifact || steps.pick-linux-arm64.outputs.artifact }} + GH_TOKEN: ${{ github.token }} + VERSION: ${{ inputs.version }} + run: | + gh release download "$VERSION" --repo chains-project/ghasum --pattern "$ARTIFACT" + shasum --check --ignore-missing checksums-sha512.txt + tar -xf "$ARTIFACT" + - name: Verify the action checksums + if: runner.os == 'Linux' && inputs.mode == 'verify' + shell: bash + env: + JOB: ${{ github.job }} + WORKFLOW: ${{ github.workflow_ref }} run: | - # Update the action checksums - ./ghasum update -force + WORKFLOW=$(echo "$WORKFLOW" | cut -d '@' -f 1 | cut -d '/' -f 3-5) + /tmp/ghasum/ghasum verify -cache /home/runner/work/_actions -no-evict -offline "$WORKFLOW:$JOB" + - name: Updating action checksums + if: runner.os == 'Linux' && inputs.mode == 'update' shell: bash + run: | + /tmp/ghasum/ghasum update -force - - name: Remove ghasum binary + # Windows + - name: Pick the ghasum CLI (amd64) + if: runner.os == 'Windows' && runner.arch == 'X64' + id: pick-windows-amd64 + shell: pwsh run: | - rm -f ghasum ghasum_linux_amd64.tar.gz + 'artifact=ghasum_windows_amd64.zip' >>"$env:GITHUB_OUTPUT" + - name: Pick the ghasum CLI (arm64) + if: runner.os == 'Windows' && runner.arch == 'ARM64' + id: pick-windows-arm64 + shell: pwsh + run: | + 'artifact=ghasum_windows_arm64.zip' >>"$env:GITHUB_OUTPUT" + - name: Download the ghasum CLI + if: runner.os == 'Windows' + shell: pwsh + working-directory: C:\ghasum + env: + ARTIFACT: ${{ steps.pick-windows-amd64.outputs.artifact || steps.pick-windows-arm64.outputs.artifact }} + GH_TOKEN: ${{ github.token }} + VERSION: ${{ inputs.version }} + run: | + gh release download "$env:VERSION" --repo chains-project/ghasum --pattern "$env:ARTIFACT" + $line = Get-Content checksums-sha512.txt | Where-Object { $_ -match "\b$env:ARTIFACT$" } + if (-not $line) { + Write-Error 'Checksum missing' + exit 2 + } else { + if ($line -match "^([a-fA-F0-9]+) $env:ARTIFACT$") { + $want = $matches[1] + $got = (Get-FileHash -Path $env:ARTIFACT -Algorithm SHA512).Hash + if ($got.ToLower() -ne $want.ToLower()) { + Write-Error 'Checksum mismatch' + exit 1 + } else { + Write-Host 'Checksum match' + Expand-Archive -Path "$env:ARTIFACT" -DestinationPath . + } + } else { + Write-Error 'Checksums malformed' + exit 2 + } + } + - name: Verify the action checksums + if: runner.os == 'Windows' && inputs.mode == 'verify' + shell: pwsh + env: + JOB: ${{ github.job }} + WORKFLOW: ${{ github.workflow_ref }} + run: | + $WorkflowParts = $env:WORKFLOW -split '@' + $WorkflowPath = ($WorkflowParts[0] -split '/')[2..4] -join '/' + if (Test-Path -Path 'C:\a\_actions') { + C:\ghasum\ghasum.exe verify -cache C:\a\_actions -no-evict -offline "${WorkflowPath}:$env:JOB" + } else { + C:\ghasum\ghasum.exe verify -cache D:\a\_actions -no-evict -offline "${WorkflowPath}:$env:JOB" + } + - name: Update the action checksums + if: runner.os == 'Windows' && inputs.mode == 'update' + shell: pwsh + run: | + C:\ghasum\ghasum.exe update -force + + # Cleanup + - name: Cleanup (Unix) + if: runner.os == 'macOS' || runner.os == 'Linux' shell: bash + run: rm -rf /tmp/ghasum + - name: Cleanup (Windows) + if: runner.os == 'Windows' + shell: pwsh + run: Remove-Item -Recurse -Force -Path C:\ghasum From 82993ec8da2362425210fd9a663b4be29aca860a Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 10 Sep 2025 09:05:54 +0200 Subject: [PATCH 2/4] Use new template --- .github/workflows/Lockfile.yml | 2 +- .github/workflows/LockfilePR.yml | 2 +- .github/workflows/code-qualitiy.yml | 4 ++-- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/doc.yml | 2 +- .github/workflows/ensure-release-notrunning.yml | 2 +- .github/workflows/ghasum.yml | 2 +- .github/workflows/jreleaser.yml | 2 +- .github/workflows/regenerate-lockfile.yml | 2 +- .github/workflows/smoke-tests.yml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/Lockfile.yml b/.github/workflows/Lockfile.yml index d7360c578..58a3b9dd1 100644 --- a/.github/workflows/Lockfile.yml +++ b/.github/workflows/Lockfile.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: run maven-lockfile uses: chains-project/maven-lockfile@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 diff --git a/.github/workflows/LockfilePR.yml b/.github/workflows/LockfilePR.yml index ae62661e7..45c74791e 100644 --- a/.github/workflows/LockfilePR.yml +++ b/.github/workflows/LockfilePR.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: run maven-lockfile if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index dd9620568..837db116d 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -34,7 +34,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 @@ -86,7 +86,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d99fbfef6..a29959aa9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 7b9b0a2a0..03c877279 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Dependency review uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3 diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 801e9ad6a..6006b7f04 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -30,7 +30,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Generate action.yml run: mvn generate-resources resources:copy-resources -q diff --git a/.github/workflows/ensure-release-notrunning.yml b/.github/workflows/ensure-release-notrunning.yml index 257250525..2631f92fa 100644 --- a/.github/workflows/ensure-release-notrunning.yml +++ b/.github/workflows/ensure-release-notrunning.yml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Check for running release action if: ${{ !startsWith(github.head_ref, 'release/') }} diff --git a/.github/workflows/ghasum.yml b/.github/workflows/ghasum.yml index 09557578b..d5f21b51e 100644 --- a/.github/workflows/ghasum.yml +++ b/.github/workflows/ghasum.yml @@ -30,7 +30,7 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Update gha.sum - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT with: mode: update diff --git a/.github/workflows/jreleaser.yml b/.github/workflows/jreleaser.yml index 4fc3b5308..34b4f022f 100644 --- a/.github/workflows/jreleaser.yml +++ b/.github/workflows/jreleaser.yml @@ -39,7 +39,7 @@ jobs: token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/regenerate-lockfile.yml b/.github/workflows/regenerate-lockfile.yml index 25a50ab77..774eba441 100644 --- a/.github/workflows/regenerate-lockfile.yml +++ b/.github/workflows/regenerate-lockfile.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - name: run maven-lockfile uses: chains-project/maven-lockfile@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 9ef888b7c..9d370e46e 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 + uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: From d233b9d9daba4773fc81fe82e25ce88e1cdef042 Mon Sep 17 00:00:00 2001 From: LogFlames <36220731+LogFlames@users.noreply.github.com> Date: Wed, 10 Sep 2025 07:13:28 +0000 Subject: [PATCH 3/4] chore: update ghasum checksums --- .github/workflows/gha.sum | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index 3998b7bae..27820a335 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum @@ -9,6 +9,7 @@ actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 Cn0rDfuNlsG0naRPXRAUwU3fAQ9P+sxzfPvU5EcNOQ8= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= +chains-project/maven-lockfile@3d65923194f2b6fd60f5927410aefd7484c21899 VuxxxpD7x8EBUPC+TK4kOK7ggnepJC0r/3OYgJKSoOg= chains-project/maven-lockfile@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 T38KDM1zM6kwLUBhic4bMVvYmHzH8wpCGj7OdtKZ5vk= github/codeql-action@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 Q+iQ8dD+2vVovYXWYjcua7j5m2abvY0o9LG9AQae7jc= jreleaser/release-action@ad73772277e63d9f2bbf4f24a7bb1300388334d7 uCAaYYuyjM4iq8qflqOt5SzivqVnl3ZXt7vI9BWpHAo= From 56108c2c201353c715a54a2c57a416bea021ce16 Mon Sep 17 00:00:00 2001 From: Elias Lundell Date: Wed, 10 Sep 2025 09:45:31 +0200 Subject: [PATCH 4/4] Revert to 5.6.1, will update to 5.6.2/3 when new template is released --- .github/workflows/Lockfile.yml | 2 +- .github/workflows/LockfilePR.yml | 2 +- .github/workflows/code-qualitiy.yml | 4 ++-- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/doc.yml | 2 +- .github/workflows/ensure-release-notrunning.yml | 2 +- .github/workflows/gha.sum | 1 - .github/workflows/ghasum.yml | 2 +- .github/workflows/jreleaser.yml | 2 +- .github/workflows/regenerate-lockfile.yml | 2 +- .github/workflows/smoke-tests.yml | 2 +- 12 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/Lockfile.yml b/.github/workflows/Lockfile.yml index 58a3b9dd1..d7360c578 100644 --- a/.github/workflows/Lockfile.yml +++ b/.github/workflows/Lockfile.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: run maven-lockfile uses: chains-project/maven-lockfile@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 diff --git a/.github/workflows/LockfilePR.yml b/.github/workflows/LockfilePR.yml index 45c74791e..ae62661e7 100644 --- a/.github/workflows/LockfilePR.yml +++ b/.github/workflows/LockfilePR.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: run maven-lockfile if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} diff --git a/.github/workflows/code-qualitiy.yml b/.github/workflows/code-qualitiy.yml index 837db116d..dd9620568 100644 --- a/.github/workflows/code-qualitiy.yml +++ b/.github/workflows/code-qualitiy.yml @@ -34,7 +34,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 @@ -86,7 +86,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a29959aa9..d99fbfef6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 03c877279..7b9b0a2a0 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Dependency review uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3 diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 6006b7f04..801e9ad6a 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -30,7 +30,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Generate action.yml run: mvn generate-resources resources:copy-resources -q diff --git a/.github/workflows/ensure-release-notrunning.yml b/.github/workflows/ensure-release-notrunning.yml index 2631f92fa..257250525 100644 --- a/.github/workflows/ensure-release-notrunning.yml +++ b/.github/workflows/ensure-release-notrunning.yml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Check for running release action if: ${{ !startsWith(github.head_ref, 'release/') }} diff --git a/.github/workflows/gha.sum b/.github/workflows/gha.sum index 27820a335..3998b7bae 100755 --- a/.github/workflows/gha.sum +++ b/.github/workflows/gha.sum @@ -9,7 +9,6 @@ actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 XE1eqHfEOlHsHx+3cUQA actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 cKZQn6p38RgADB4MCMpbFp94sScgm/u3B7rEDB9QS5I= actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 Cn0rDfuNlsG0naRPXRAUwU3fAQ9P+sxzfPvU5EcNOQ8= actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 kZHHfo2NsxevBRTKrZnUpDu0Cxgtj5Vooe4x4rylvg8= -chains-project/maven-lockfile@3d65923194f2b6fd60f5927410aefd7484c21899 VuxxxpD7x8EBUPC+TK4kOK7ggnepJC0r/3OYgJKSoOg= chains-project/maven-lockfile@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 T38KDM1zM6kwLUBhic4bMVvYmHzH8wpCGj7OdtKZ5vk= github/codeql-action@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 Q+iQ8dD+2vVovYXWYjcua7j5m2abvY0o9LG9AQae7jc= jreleaser/release-action@ad73772277e63d9f2bbf4f24a7bb1300388334d7 uCAaYYuyjM4iq8qflqOt5SzivqVnl3ZXt7vI9BWpHAo= diff --git a/.github/workflows/ghasum.yml b/.github/workflows/ghasum.yml index d5f21b51e..09557578b 100644 --- a/.github/workflows/ghasum.yml +++ b/.github/workflows/ghasum.yml @@ -30,7 +30,7 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Update gha.sum - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 with: mode: update diff --git a/.github/workflows/jreleaser.yml b/.github/workflows/jreleaser.yml index 34b4f022f..4fc3b5308 100644 --- a/.github/workflows/jreleaser.yml +++ b/.github/workflows/jreleaser.yml @@ -39,7 +39,7 @@ jobs: token: ${{ secrets.JRELEASER_GITHUB_TOKEN }} - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: Set up JDK 17 uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/regenerate-lockfile.yml b/.github/workflows/regenerate-lockfile.yml index 774eba441..25a50ab77 100644 --- a/.github/workflows/regenerate-lockfile.yml +++ b/.github/workflows/regenerate-lockfile.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - name: run maven-lockfile uses: chains-project/maven-lockfile@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 9d370e46e..9ef888b7c 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Verify action checksums - uses: chains-project/maven-lockfile/.github/actions/ghasum@3d65923194f2b6fd60f5927410aefd7484c21899 # 5.6.1-SNAPSHOT + uses: chains-project/maven-lockfile/.github/actions/ghasum@7a05656a5fd15ba8db78d7a8753142ac4117e6e3 # 5.6.1 - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: