This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-kamelets.git
The following commit(s) were added to refs/heads/main by this push:
new f4992a18 Github Actions Security Best practices: Pin Actions to Full
lenght Commit SHA - Generate SBOM main action (#2159)
f4992a18 is described below
commit f4992a18ca51a1a67fa5e2935f77ac6fa8212b93
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Aug 20 14:41:55 2024 +0200
Github Actions Security Best practices: Pin Actions to Full lenght Commit
SHA - Generate SBOM main action (#2159)
---
.github/workflows/generate-sbom-main.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/generate-sbom-main.yml
b/.github/workflows/generate-sbom-main.yml
index e75f5f23..a5b295e7 100644
--- a/.github/workflows/generate-sbom-main.yml
+++ b/.github/workflows/generate-sbom-main.yml
@@ -35,11 +35,11 @@ jobs:
matrix:
java: [ '17' ]
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #
v4.1.7
with:
persist-credentials: false
- name: Set up JDK ${{ matrix.java }}
- uses: actions/setup-java@v4
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 #
v4.2.2
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
@@ -47,7 +47,7 @@ jobs:
- name: mvn build and sbom generation
run: mvn -V -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false
-Dmaven.wagon.httpconnectionManager.ttlSeconds=120 --no-transfer-progress -e
-Psbom -DskipTests verify
- name: Create Pull Request
- uses: peter-evans/create-pull-request@v6
+ uses:
peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #
v6.1.0
with:
base: main
token: ${{ secrets.GITHUB_TOKEN }}
