This is an automated email from the ASF dual-hosted git repository.
benweidig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tapestry-5.git
The following commit(s) were added to refs/heads/master by this push:
new 38df86aed GitHub Actions: only use whitelisted actions (#58)
38df86aed is described below
commit 38df86aed430b06eb1be3b14ac5e87bd30035b86
Author: Christian Köberl <[email protected]>
AuthorDate: Thu May 7 14:48:04 2026 +0200
GitHub Actions: only use whitelisted actions (#58)
Apache only allows whitelisted GH actions, and the firefox/gecko setup
wasn't included.
As the `ubuntu-latest` image includes both Firefox and the GeckoDriver,
both actions aren't needed in the first place.
The remaining actions are now pinned to their hashes instead of tags.
---
.github/workflows/build-pull-request.yaml | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/build-pull-request.yaml
b/.github/workflows/build-pull-request.yaml
index 14152f55d..5c4dae7b9 100644
--- a/.github/workflows/build-pull-request.yaml
+++ b/.github/workflows/build-pull-request.yaml
@@ -13,22 +13,15 @@ jobs:
matrix:
java: [ 11, 17 ]
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-java@v3
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
6.0.2
+
+ - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
5.2.0
with:
distribution: temurin
java-version: ${{ matrix.java }}
- - name: Setup Firefox
- uses: browser-actions/setup-firefox@v1
-
- - name: Setup GeckoDriver
- uses: browser-actions/setup-geckodriver@latest
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
-
- name: Setup Gradle
- uses: gradle/actions/setup-gradle@v4
+ uses:
gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # 6.1.0
- name: Build with Gradle
run: ./gradlew -Dci=true --no-daemon --continue build
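
Review bot: On the three pinned `uses:` lines, the trailing comments (6.0.2, 5.2.0, 6.1.0) are the only thing tying each SHA to a release, and they indicate major-version jumps from the previous `@v3`, `@v3` and `@v4` references that the commit message does not mention; it only describes pinning. Please confirm that each 40-character SHA resolves to the stated release tag in the upstream repository, and mention the upgrades in the commit message so that a behaviour change in checkout, setup-java or setup-gradle can be traced to this commit. Writing the comment as the exact upstream tag name would also make later audits of the pin easier. Separately, with the `Setup Firefox` and `Setup GeckoDriver` steps removed, the browser and driver versions now come from whatever the runner image ships; a short step that logs `firefox --version` and `geckodriver --version` before `Build with Gradle` would make failures caused by image updates easy to diagnose.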