@@ -17,16 +17,16 @@ jobs:
1717 outputs :
1818 sha256 : ${{ steps.checksums.outputs.sha256 }}
1919 steps :
20- - uses : actions/checkout@v6
20+ - uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
2121 with :
2222 fetch-depth : 0 # deep fetch for better sonarcloud analysis
23- - uses : actions/setup-java@v5
23+ - uses : actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
2424 with :
2525 distribution : ' temurin'
2626 java-version : ${{ env.JAVA_VERSION }}
2727 cache : ' maven'
2828 - name : Cache SonarCloud packages
29- uses : actions/cache@v5
29+ uses : actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
3030 with :
3131 path : ~/.sonar/cache
3232 key : ${{ runner.os }}-sonar
@@ -56,12 +56,12 @@ jobs:
5656 } >> $GITHUB_OUTPUT
5757 - name : Attest
5858 if : startsWith(github.ref, 'refs/tags/')
59- uses : actions/attest-build-provenance@v3
59+ uses : actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
6060 with :
6161 subject-path : |
6262 target/*.jar
6363 target/*.pom
64- - uses : actions/upload-artifact@v6
64+ - uses : actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
6565 with :
6666 name : artifacts
6767 path : target/*.jar
7575 needs : [build]
7676 if : github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
7777 steps :
78- - uses : actions/checkout@v6
79- - uses : actions/setup-java@v5
78+ - uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
79+ - uses : actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
8080 with :
8181 distribution : ' temurin'
8282 java-version : ${{ env.JAVA_VERSION }}
@@ -111,8 +111,8 @@ jobs:
111111 needs : [build]
112112 if : github.repository_owner == 'cryptomator' && (startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[deploy]'))
113113 steps :
114- - uses : actions/checkout@v6
115- - uses : actions/setup-java@v5
114+ - uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
115+ - uses : actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
116116 with :
117117 java-version : ${{ env.JAVA_VERSION }}
118118 distribution : ' temurin'
@@ -142,7 +142,7 @@ jobs:
142142 if : startsWith(github.ref, 'refs/tags/')
143143 steps :
144144 - name : Create Release
145- uses : softprops/action-gh-release@v2
145+ uses : softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
146146 with :
147147 prerelease : true
148148 token : ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
0 commit comments