From 95978a41754838c9def64a4a9fc2920f05c3e2ae Mon Sep 17 00:00:00 2001 From: Andreas Dangel Date: Thu, 7 Aug 2025 18:49:17 +0200 Subject: [PATCH 1/2] [ci] Pin GitHub Actions version with SHA --- .github/actions/setup/action.yml | 4 ++-- .github/workflows/build.yml | 10 ++++---- .github/workflows/publish-release.yml | 32 +++++++++++++------------- .github/workflows/publish-snapshot.yml | 22 +++++++++--------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index e3793f5b..4917a838 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -5,12 +5,12 @@ runs: using: 'composite' steps: - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 #v4.7.1 with: distribution: temurin java-version: '21' - name: Cache local Maven repository - uses: actions/cache@v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 87634ac1..6a78492f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: shell: bash runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Setup Environment uses: ./.github/actions/setup @@ -36,7 +36,7 @@ jobs: verify - name: Upload screenshots of failed unit tests - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 if: ${{ failure() }} with: name: screenshots-ubuntu-latest 
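Review bot: The trailing `#v4.7.1` and `#v4.2.4` comments on the two pinned `uses:` lines of `.github/actions/setup/action.yml` are the only thing tying each 40-character SHA to a release, and nothing in the patch checks that the SHA and the tag agree. I would write them in the conventional form, `uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00  # v4.7.1`, which also satisfies yamllint's `comments` rule. Each SHA should be confirmed against the upstream tag before merging, because a commit that does not belong to the tagged release would otherwise go unnoticed behind a plausible comment. The same applies to every pinned `uses:` line in the other three workflow files of this patch.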
@@ -44,7 +44,7 @@ jobs: if-no-files-found: ignore - name: Upload update-site - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: update-site path: net.sourceforge.pmd.eclipse.p2updatesite/target/net.sourceforge.pmd.eclipse.p2updatesite-*.zip @@ -78,7 +78,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Setup Environment uses: ./.github/actions/setup @@ -92,7 +92,7 @@ jobs: -Dtarget.platform="${TARGET_PLATFORM}" - name: Upload screenshots of failed unit tests - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 if: ${{ failure() }} with: name: screenshots-${{ matrix.os }}-${{ matrix.targetPlatform }} diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 131c4de5..89e7f587 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -32,15 +32,15 @@ jobs: outputs: VERSION: ${{ steps.version.outputs.VERSION }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ref: ${{ github.event.workflow_run.head_branch }} - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 #v4.7.1 with: distribution: 'temurin' java-version: '21' - name: Cache local Maven repository - uses: actions/cache@v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository 
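Review bot: The checkout step at the top of the `publish-release.yml` hunk at -32 is now pinned, but it still resolves `ref: ${{ github.event.workflow_run.head_branch }}`, a mutable name, so the release job can build a different commit than the one the triggering run verified if that ref moves in between. If later steps do not need the branch or tag name from the checkout itself, `ref: ${{ github.event.workflow_run.head_sha }}` ties the release to the exact verified commit. The trigger and its filters are outside the hunk, so this should be confirmed against the workflow's `on:` block. The same `ref:` sits under the checkouts in the hunks at -91, -137, -223 and -274 of this file.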
@@ -91,19 +91,19 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ref: ${{ github.event.workflow_run.head_branch }} - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 #v4.7.1 with: distribution: temurin java-version: '21' gpg-private-key: ${{ secrets.PMD_CI_GPG_PRIVATE_KEY }} - name: Cache local Maven repository - uses: actions/cache@v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository @@ -122,7 +122,7 @@ jobs: -Psign -DskipTests - name: Upload update-site - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: update-site path: net.sourceforge.pmd.eclipse.p2updatesite/target/net.sourceforge.pmd.eclipse.p2updatesite-*.zip @@ -137,15 +137,15 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ref: ${{ github.event.workflow_run.head_branch }} - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: update-site - name: Prepare Release Notes run: .ci/files/prepare_release_notes.sh - - uses: actions/create-github-app-token@v2 + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e #v2.0.6 id: pmd-actions-helper-app-token with: app-id: ${{ secrets.PMD_ACTIONS_HELPER_ID }} @@ -179,7 +179,7 @@ jobs: run: shell: bash steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: update-site - name: Setup ssh key for sourceforge 
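Review bot: In the hunk at -91 the pinned `actions/cache` step restores `~/.m2/repository` into the job that also receives `secrets.PMD_CI_GPG_PRIVATE_KEY` through setup-java and, judging by `-Psign` in the following hunk, signs the build. Pinning the action's SHA says nothing about the contents of the restored cache. Jars and Maven plugins restored from it run inside that job, so a cache entry written by a less trusted run would execute next to the signing key. I would drop the cache step from the signing jobs (here and in the hunk at -83 of `publish-snapshot.yml`) so dependencies are resolved fresh there, or at least give those jobs a cache key that no other workflow writes. The cache `key:` lines are outside the hunk, so how much is actually shared between workflows needs checking.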
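Review bot: `actions/download-artifact` goes from `@v4` to a SHA annotated `#v5.0.0` in the hunk at -137, which is a major-version upgrade rather than a pin, while `actions/upload-artifact` in the same workflows stays on `v4.6.2`. A behaviour change hidden in a commit titled as pinning is easy to miss in review and hard to bisect later. I would either pin to the release currently in use, `uses: actions/download-artifact@<sha-of-current-v4-release>  # v4.x.y` (placeholder, to be filled from the upstream tag), and upgrade in a separate commit, or state the upgrade in the commit message after checking the v5 release notes against the `name: update-site` download. The same line appears in the hunks at -179 and -223 of this file and at -130 and -174 of `publish-snapshot.yml`.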
@@ -223,13 +223,13 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ref: ${{ github.event.workflow_run.head_branch }} - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: update-site - - uses: actions/create-github-app-token@v2 + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e #v2.0.6 id: pmd-actions-helper-app-token with: app-id: ${{ secrets.PMD_ACTIONS_HELPER_ID }} @@ -238,7 +238,7 @@ jobs: repositories: pmd-eclipse-plugin-p2-site permission-contents: write - name: Prepare Local P2 Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: repository: pmd/pmd-eclipse-plugin-p2-site ref: gh-pages @@ -274,7 +274,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ref: ${{ github.event.workflow_run.head_branch }} - name: Prepare Release Notes diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml index 40f30739..f4e58bc5 100644 --- a/.github/workflows/publish-snapshot.yml +++ b/.github/workflows/publish-snapshot.yml @@ -30,16 +30,16 @@ jobs: outputs: VERSION: ${{ steps.version.outputs.VERSION }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ref: main - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 #v4.7.1 with: distribution: temurin java-version: '21' - name: Cache local Maven repository - uses: actions/cache@v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository 
@@ -83,17 +83,17 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 #v4.7.1 with: distribution: temurin java-version: '21' gpg-private-key: ${{ secrets.PMD_CI_GPG_PRIVATE_KEY }} - name: Cache local Maven repository - uses: actions/cache@v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository @@ -112,7 +112,7 @@ jobs: -Psign -DskipTests - name: Upload update-site - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: update-site path: net.sourceforge.pmd.eclipse.p2updatesite/target/net.sourceforge.pmd.eclipse.p2updatesite-*.zip @@ -130,7 +130,7 @@ jobs: run: shell: bash steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: update-site - name: Setup ssh key for sourceforge @@ -174,10 +174,10 @@ jobs: run: shell: bash steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: update-site - - uses: actions/create-github-app-token@v2 + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e #v2.0.6 id: pmd-actions-helper-app-token with: app-id: ${{ secrets.PMD_ACTIONS_HELPER_ID }} @@ -186,7 +186,7 @@ jobs: repositories: pmd-eclipse-plugin-p2-site permission-contents: write - name: Prepare Local P2 Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: repository: pmd/pmd-eclipse-plugin-p2-site ref: gh-pages From 59573e17a5a0db7aa2d4dbdc09b3a43a0ccd381a Mon Sep 17 00:00:00 2001 
From: Andreas Dangel Date: Thu, 7 Aug 2025 18:50:07 +0200 Subject: [PATCH 2/2] chore: Update dependabot config --- .github/dependabot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b9d7f19f..9c7558f7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,5 +9,6 @@ updates: directory: "/" schedule: interval: "weekly" + day: "wednesday" # Allow up to 10 open pull requests for maven dependencies open-pull-requests-limit: 10
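Review bot: The SHA pins introduced in patch 1/2 only stay current if Dependabot also tracks the `github-actions` ecosystem, and the one entry visible in this hunk is the maven one (per its `# Allow up to 10 open pull requests for maven dependencies` comment). If the part of `.github/dependabot.yml` above the hunk has no such entry, I would add an `updates` item with `package-ecosystem: "github-actions"`, `directory: "/"` and the same weekly schedule, otherwise the pinned commits will quietly fall behind security fixes. It is also worth confirming that the composite action in `.github/actions/setup/action.yml` is covered, since it lives outside `.github/workflows` and may need its own directory entry. The file starts outside the hunk, so this may already be in place.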