diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8090350..916a602 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -47,30 +47,30 @@ jobs: timeout-minutes: 10 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: '0' - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: java-version: '17.0.10' distribution: 'liberica' architecture: 'x64' - - uses: gradle/wrapper-validation-action@699bb18358f12c5b78b37bb0111d3a0e2276e0e2 # v2.1.1 + - uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3 - name: Set up Gradle - uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: generate-job-summary: true dependency-graph: generate-and-submit - name: Install cosign if: ${{ inputs.sign }} - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 with: cosign-release: 'v2.1.1' - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Build env: 
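Review bot: The `sigstore/cosign-installer` pin moves to v3.10.1, but the unchanged `cosign-release: 'v2.1.1'` line under it still selects the cosign binary that does the signing, so this bump does not update the signing tool itself. Either raise that value in the same change or add a comment such as `# cosign held at v2.1.1: <reason>` so the gap is visibly deliberate. Separately, `gradle/wrapper-validation-action` and `gradle/gradle-build-action` are described by their maintainers as superseded by `gradle/actions/wrapper-validation` and `gradle/actions/setup-gradle`. The same two pins appear in the first owasp.yaml hunk, and migrating both files would be better than re-pinning the old repositories. The trailing `Build` step continues outside the hunk.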
@@ -84,7 +84,7 @@ jobs: run: ./gradlew quarkusIntTest - name: Upload build reports if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: build-reports path: | @@ -92,7 +92,7 @@ jobs: !build/reports/configuration-cache - name: Upload jar if: ${{ inputs.upload }} - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: pulsar-bookie-utils-${{ inputs.version }}.jar path: build/quarkus-build/gen/pulsar-bookie-utils-${{ inputs.version }}-runner.jar @@ -100,7 +100,7 @@ jobs: run: mv "build/pulsar-bookie-utils-${{ inputs.version }}-runner.jar" "pulsar-bookie-utils-${{ inputs.version }}.jar" - name: Add jar to release if: ${{ github.event_name == 'release' && inputs.upload }} - uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 with: tag_name: ${{ inputs.version }} files: | 
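Review bot: In the `@@ -100,7 +100,7 @@` hunk, the context line `run: mv "build/pulsar-bookie-utils-${{ inputs.version }}-runner.jar" …` pastes `inputs.version` into the script text before the shell parses it, so the shell does not treat the value as data. That matters in a job that goes on to attach files to a release. Passing it through the environment avoids this: add `env:` with `VERSION: ${{ inputs.version }}` and use `run: mv "build/pulsar-bookie-utils-${VERSION}-runner.jar" "pulsar-bookie-utils-${VERSION}.jar"`. The step starts above the hunk, so whether it already has an `env:` key, or whether the caller validates the version format, is not visible here. The `${{ inputs.version }}` uses inside `with:` values are not shell-evaluated and need no change.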
@@ -111,19 +111,19 @@ jobs: QUARKUS_PACKAGE_TYPE: "fast-jar" run: ./gradlew build - name: Registry login - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract docker metadata (tags, labels) id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Build and push id: build-and-push - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: context: . platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/determine_version.yaml b/.github/workflows/determine_version.yaml index 41a180c..e26be1e 100644 --- a/.github/workflows/determine_version.yaml +++ b/.github/workflows/determine_version.yaml @@ -12,13 +12,13 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: '0' - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: - go-version: 1.21.3 + go-version: 1.26.1 - name: Install SVU run: go install github.com/caarlos0/svu@00b733b056534c0fbdb316bbd37c023e7bb80905 #v1.11.0 - name: Get branch name (merge) diff --git a/.github/workflows/owasp.yaml b/.github/workflows/owasp.yaml index 277432f..c0e59ff 100644 --- a/.github/workflows/owasp.yaml +++ b/.github/workflows/owasp.yaml 
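Review bot: `go-version: 1.26.1` in the determine_version.yaml hunk is left as an unquoted version scalar; write `go-version: '1.26.1'`, matching the quoted `fetch-depth: '0'` in the Checkout step of the same hunk. A three-component value still loads as a string, but a later edit to a two-component value such as 1.30 would be read as the float 1.3 and select a different toolchain. This is also the only line in the commit that changes a toolchain rather than an action pin, moving Go from 1.21.3 to 1.26.1 ahead of the `go install github.com/caarlos0/svu@…` step. It is worth confirming in a CI run that the pinned svu commit still builds with that toolchain.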
@@ -24,18 +24,18 @@ jobs: timeout-minutes: 15 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: '0' - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: java-version: '17.0.10' distribution: 'liberica' architecture: 'x64' - - uses: gradle/wrapper-validation-action@699bb18358f12c5b78b37bb0111d3a0e2276e0e2 # v2.1.1 + - uses: gradle/wrapper-validation-action@b5418f5a58f5fd2eb486dd7efb368fe7be7eae45 # v2.1.3 - name: Set up Gradle - uses: gradle/gradle-build-action@29c0906b64b8fc82467890bfb7a0a7ef34bda89e # v3.1.0 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: generate-job-summary: true dependency-graph: generate-and-submit @@ -48,7 +48,7 @@ jobs: run: ./gradlew dependencyCheckAggregate - name: Upload build reports if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: owasp-reports path: |