This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch ci/pin-actions-to-sha in repository https://gitbox.apache.org/repos/asf/struts-intellij-plugin.git
commit 972b54edc2963ca06e491e1ede9e2115e72e48a6 Author: Lukasz Lenart <[email protected]> AuthorDate: Sun Mar 22 18:29:38 2026 +0100 ci: pin all GitHub Actions to SHA hashes for supply chain security Pin all action references to commit SHAs instead of mutable tags, following ASF infrastructure-actions allowed list where available. Co-Authored-By: Claude Opus 4.6 <[email protected]> --- .github/workflows/build.yml | 42 +++++++++++++++++------------------ .github/workflows/nightly.yml | 10 ++++----- .github/workflows/prepare_release.yml | 8 +++---- .github/workflows/release.yml | 8 +++---- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a35f088..31603b0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,22 +52,22 @@ jobs: # Check out the current repository - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Validate wrapper - name: Gradle Wrapper Validation - uses: gradle/actions/wrapper-validation@v5 + uses: gradle/actions/wrapper-validation@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 # Set up Java environment for the next steps - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Setup Gradle - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: gradle-home-cache-cleanup: true @@ -98,7 +98,7 @@ jobs: # Store already-built plugin as an artifact for downloading (skip for Dependabot) - name: Upload artifact if: github.actor != 'dependabot[bot]' - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: ${{ steps.artifact.outputs.filename }} path: ./build/distributions/content/*/* 
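Review bot: The trailing version comments on the `actions/*` pins in this hunk (`# v6`, `# v5`) name a moving major tag, so they do not record which release the SHA corresponds to, whereas the `gradle/actions` pins beside them carry an exact `# v5.0.2`. An exact release in the comment lets a reviewer check the SHA against the upstream tag and lets update tooling keep comment and SHA in step, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.<minor>.<patch>` with the real release filled in. The same applies to the `# v7`, `# v5` and `# v8` comments on `actions/upload-artifact`, `actions/cache`, `codecov/codecov-action` and `actions/github-script` in the later hunks, and to the repeated `actions/checkout` and `actions/setup-java` pins in all four workflow files.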
@@ -113,18 +113,18 @@ jobs: # Check out the current repository - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Set up Java environment for the next steps - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Setup Gradle - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: gradle-home-cache-cleanup: true @@ -136,14 +136,14 @@ jobs: # Collect Tests Result of failed tests - name: Collect Tests Result if: ${{ failure() }} - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: tests-result path: ${{ github.workspace }}/build/reports/tests # Upload the Kover report to CodeCov - name: Upload Code Coverage Report - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 with: files: ${{ github.workspace }}/build/reports/kover/report.xml @@ -160,14 +160,14 @@ jobs: # Free GitHub Actions Environment Disk Space - name: Maximize Build Space - uses: jlumbroso/[email protected] + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false large-packages: false # Check out the current repository - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # to check out the actual pull request commit, not the merge commit ref: ${{ github.event.pull_request.head.sha }} 
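Review bot: The SHA pin on `codecov/codecov-action` in the `Upload Code Coverage Report` step fixes the action's own code, but as far as I know this action fetches the Codecov CLI at run time, and that download is not covered by the pin. I would record this next to the step, e.g. `# SHA pins the action wrapper only; the Codecov CLI it downloads at run time is not pinned here`, and check whether the action offers an input to fix the CLI version. The step's `with:` block continues past the end of the hunk, so further inputs may be set there.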
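Review bot: The `Fetch Sources` step that checks out `github.event.pull_request.head.sha` leaves `actions/checkout` at its default of persisting the job token in the local git config, and the steps that follow (Setup Java and Qodana in the next hunk, apparently the same job) then process that pull-request code. Unless a later step needs to push, add `persist-credentials: false` under the existing `with:` so the token is not left on disk for tools that run over contributed code. The workflow trigger and the job's `permissions:` are outside the hunk, so how much that token can do is not visible here.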
@@ -176,14 +176,14 @@ jobs: # Set up the Java environment for the next steps - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Run Qodana inspections - name: Qodana - Code Inspection - uses: JetBrains/[email protected] + uses: JetBrains/qodana-action@89eb4357efd2b52e639f3216e63edaf33b82622b # v2025.3.2 with: cache-default-branch-only: true @@ -196,31 +196,31 @@ jobs: # Free GitHub Actions Environment Disk Space - name: Maximize Build Space - uses: jlumbroso/[email protected] + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false large-packages: false # Check out the current repository - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Set up Java environment for the next steps - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Setup Gradle - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: gradle-home-cache-cleanup: true # Cache Plugin Verifier IDEs - name: Setup Plugin Verifier IDEs Cache - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: ${{ needs.build.outputs.pluginVerifierHomeDir }}/ides key: plugin-verifier-${{ hashFiles('build/listProductsReleases.txt') }} @@ -232,7 +232,7 @@ jobs: # Collect Plugin Verifier Result - name: Collect Plugin Verifier Result if: ${{ always() }} - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: pluginVerifier-result path: ${{ github.workspace }}/build/reports/pluginVerifier 
@@ -247,7 +247,7 @@ jobs: pull-requests: write steps: - name: Comment on PR - uses: actions/github-script@v8 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const prNumber = context.payload.pull_request.number; diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 001fa33..cf7d9e5 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -75,20 +75,20 @@ jobs: # Check out the current repository - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 # Set up Java environment - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Setup Gradle - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: gradle-home-cache-cleanup: true @@ -156,7 +156,7 @@ jobs: # Store already-built plugin as an artifact for downloading - name: Upload artifact - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: ${{ steps.artifact.outputs.filename }} path: ./build/distributions/content/*/* diff --git a/.github/workflows/prepare_release.yml b/.github/workflows/prepare_release.yml index 8b7c641..a146002 100644 --- a/.github/workflows/prepare_release.yml +++ b/.github/workflows/prepare_release.yml 
@@ -38,25 +38,25 @@ jobs: # Free GitHub Actions Environment Disk Space - name: Maximize Build Space - uses: jlumbroso/[email protected] + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false large-packages: false # Check out the selected branch - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Set up Java environment for the next steps - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Setup Gradle - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: gradle-home-cache-cleanup: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7bbe259..73c7443 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,27 +33,27 @@ jobs: # Free GitHub Actions Environment Disk Space - name: Maximize Build Space - uses: jlumbroso/[email protected] + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false large-packages: false # Check out the current repository - name: Fetch Sources - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ github.event.release.tag_name }} # Set up Java environment for the next steps - name: Setup Java - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: zulu java-version: 21 # Setup Gradle - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 with: gradle-home-cache-cleanup: true
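Review bot: It is not recorded where the SHA for `jlumbroso/free-disk-space` came from: this is a third-party action that runs as the first step of the prepare-release and release jobs, and the commit message says the ASF allowed list was followed only "where available". For any pin resolved by hand, confirm that `54081f138730dfa15788a46383842cd2f914a1be` is the commit the upstream `v1.3.1` tag points to in the action's own repository; GitHub's hardening guidance asks for exactly this check, because a pinned SHA can also originate from a fork and the trailing comment alone does not prove origin. Recording the source per pin (allowed list or upstream tag) would make the check repeatable. The same applies to `JetBrains/qodana-action` and `codecov/codecov-action` in build.yml.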
