From 1292e5f9389c41229528fa17b5af3672932d0012 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 16 Jan 2025 07:15:30 +0000 Subject: [PATCH] Pin dependencies --- .github/workflows/analyze-code-graph.yml | 18 +++++++++--------- .../workflows/check-links-in-documentation.yml | 4 ++-- .github/workflows/check-renovate-config.yml | 4 ++-- .github/workflows/java-code-analysis.yml | 12 ++++++------ .github/workflows/typescript-code-analysis.yml | 10 +++++----- 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/analyze-code-graph.yml b/.github/workflows/analyze-code-graph.yml index 26241cc6..a6d68d88 100644 --- a/.github/workflows/analyze-code-graph.yml +++ b/.github/workflows/analyze-code-graph.yml @@ -49,7 +49,7 @@ jobs: if: inputs.artifacts-upload-name == '' && inputs.sources-upload-name == '' run: echo "Please specify either the input parameter 'artifacts-upload-name' or 'sources-upload-name'."; exit 1 - name: Checkout code-graph-analysis-pipeline - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: JohT/code-graph-analysis-pipeline ref: 41f3e22b5bd65351474dd23effeee91fab849a12 @@ -57,14 +57,14 @@ jobs: persist-credentials: false - name: (Java Setup) Java Development Kit (JDK) ${{ matrix.java }} - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: "temurin" java-version: ${{ matrix.java }} # "Setup Python" can be skipped if jupyter notebook analysis-results aren't needed - name: (Python Setup) Setup Cache for Conda package manager Miniforge - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 env: # Increase this value to reset cache if etc/example-environment.yml has not changed # Reference: https://github.com/conda-incubator/setup-miniconda#caching @@ -75,7 +75,7 @@ jobs: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-environments-${{hashFiles('**/environment.yml', '.github/workflows/*.yml') }} - name: (Python Setup) Use version ${{ matrix.python }} with Conda package manager Miniforge - uses: conda-incubator/setup-miniconda@v3 + uses: conda-incubator/setup-miniconda@d2e6a045a86077fb6cad6f5adf368e9076ddaa8d # v3 with: python-version: ${{ matrix.python }} miniforge-version: ${{ matrix.miniforge }} @@ -95,7 +95,7 @@ jobs: echo "code-graph-analysis-pipeline/" >> .gitignore - name: (Code Analysis Setup) Setup Cache Analysis Downloads - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: ./code-graph-analysis-pipeline/temp/downloads key: @@ -118,14 +118,14 @@ jobs: - name: (Code Analysis Setup) Download sources for analysis if: inputs.sources-upload-name != '' - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ inputs.sources-upload-name }} path: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }} - name: (Code Analysis Setup) Download artifacts for analysis if: inputs.artifacts-upload-name != '' - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ inputs.artifacts-upload-name }} path: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}/artifacts @@ -151,7 +151,7 @@ jobs: # Upload logs and unfinished analysis-results in case of an error for troubleshooting - name: (Code Analysis Results) Archive failed run with logs and unfinished analysis-results if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: java-code-analysis-logs-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }} path: | @@ -162,7 +162,7 @@ jobs: # Upload successful analysis-results in case they are needed for troubleshooting - name: (Code Analysis Results) Archive successful analysis-results if: success() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }} path: ./code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}/reports/* diff --git a/.github/workflows/check-links-in-documentation.yml b/.github/workflows/check-links-in-documentation.yml index 259c9469..8669aa0b 100644 --- a/.github/workflows/check-links-in-documentation.yml +++ b/.github/workflows/check-links-in-documentation.yml @@ -16,10 +16,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout GIT Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' diff --git a/.github/workflows/check-renovate-config.yml b/.github/workflows/check-renovate-config.yml index bf4985ee..ced178ad 100644 --- a/.github/workflows/check-renovate-config.yml +++ b/.github/workflows/check-renovate-config.yml @@ -13,10 +13,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout GIT Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' diff --git a/.github/workflows/java-code-analysis.yml b/.github/workflows/java-code-analysis.yml index bb54a518..3d9c356f 100644 --- a/.github/workflows/java-code-analysis.yml +++ b/.github/workflows/java-code-analysis.yml @@ -53,14 +53,14 @@ jobs: steps: - name: (Prepare Code to Analyze) Checkout AxonFramework repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: AxonFramework/AxonFramework ref: axon-${{ env.AXON_FRAMEWORK_VERSION }} path: ./source - name: (Prepare Code to Analyze) Setup Java Development Kit for Maven JARs downloading (JDK) ${{ env.JAVA_VERSION}} - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION}} @@ -94,7 +94,7 @@ jobs: - name: (Prepare Code to Analyze) Upload sources to analyze if: success() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }} path: ./source @@ -103,7 +103,7 @@ jobs: - name: (Prepare Code to Analyze) Upload artifacts to analyze if: success() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: ${{ steps.set-artifacts-upload-name.outputs.artifacts-upload-name }} path: ./artifacts @@ -130,12 +130,12 @@ jobs: steps: - name: Checkout GIT Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }} - name: (Code Analysis Setup) Download source code and artifacts for analysis - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ needs.analyze-code-graph.outputs.uploaded-analysis-results }} path: analysis-results/${{ needs.prepare-code-to-analyze.outputs.analysis-name }} diff --git a/.github/workflows/typescript-code-analysis.yml b/.github/workflows/typescript-code-analysis.yml index 596c641c..4e159f7a 100644 --- a/.github/workflows/typescript-code-analysis.yml +++ b/.github/workflows/typescript-code-analysis.yml @@ -50,13 +50,13 @@ jobs: steps: - name: (Prepare Code to Analyze) Checkout react-router repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: remix-run/react-router ref: react-router@${{ env.REACT_ROUTER_VERSION }} - name: (Prepare Code to Analyze) Setup pnpm for react-router - uses: pnpm/action-setup@v4.0.0 + uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 - name: (Prepare Code to Analyze) Install dependencies with pnpm run: pnpm install --frozen-lockfile --strict-peer-dependencies @@ -75,7 +75,7 @@ jobs: - name: (Prepare Code to Analyze) Upload code to analyze if: success() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: ${{ steps.set-sources-upload-name.outputs.sources-upload-name }} path: . @@ -101,12 +101,12 @@ jobs: steps: - name: Checkout GIT Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }} - name: (Code Analysis Setup) Download source code and artifacts for analysis - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ needs.analyze-code-graph.outputs.uploaded-analysis-results }} path: analysis-results/${{ needs.prepare-code-to-analyze.outputs.analysis-name }}