diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index db4c4598843..60f3edb9c32 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -38,15 +38,15 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
- uses: github/codeql-action/autobuild@v3
+ uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
# âšī¸ Command-line programs to run using the OS shell.
# đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,4 +71,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 2e0fa88144f..f2f2b7acedf 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -18,7 +18,7 @@ jobs:
contents: read
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "đ Check if we should skip publish"
id: check_prevent_property
run: |
@@ -40,14 +40,14 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: ${{ matrix.java }}
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ¨ Build project"
@@ -68,14 +68,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: ${{ matrix.java }}
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ¨ Functional Tests"
@@ -91,14 +91,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ¤ Publish Snapshot Artifacts to Artifactory (repo.grails.org/libs-snapshot-local)"
diff --git a/.github/workflows/groovy-joint-workflow.yml b/.github/workflows/groovy-joint-workflow.yml
index 8b97a2adb01..31c897d8cfc 100644
--- a/.github/workflows/groovy-joint-workflow.yml
+++ b/.github/workflows/groovy-joint-workflow.yml
@@ -16,17 +16,17 @@ jobs:
groovyVersion: ${{ steps.groovy-version.outputs.value }}
steps:
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
- name: "đī¸ Cache local Maven repository"
- uses: actions/cache@v4
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
with:
path: ~/.m2/repository
key: cache-local-maven-${{ github.sha }}
- name: "đĨ Checkout Grails Core to fetch Gradle Plugin versions it uses"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
sparse-checkout-cone-mode: false
sparse-checkout: settings.gradle
@@ -43,7 +43,7 @@ jobs:
- name: "đĨ Checkout Groovy 4_0_X (Grails 7 and later)"
run: git clone --depth 1 https://github.com/apache/groovy.git -b GROOVY_4_0_X --single-branch
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ Store Groovy version to use when building Grails"
@@ -117,18 +117,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "đĨ Checkout project"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đī¸ Restore local Maven repository from cache"
- uses: actions/cache@v4
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
with:
path: ~/.m2/repository
key: cache-local-maven-${{ github.sha }}
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index 5e8aee97291..79fdd9dc03d 100644
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -416,7 +416,7 @@ jobs:
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/${{ github.repository_owner }}/packages/maven/org.grails.grails-testing-support || true
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "đ Set Prevent Snapshot Publishing Flag"
if: ${{ github.event.inputs.preventSnapshots }}
run: |
@@ -434,12 +434,12 @@ jobs:
echo "Publishing already disabled."
fi
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: 'liberica'
java-version: '17'
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
- name: "â Set version to ${{ github.event.inputs.targetVersion }}"
diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml
index f40a82c4567..ab493361b7a 100644
--- a/.github/workflows/release-notes.yml
+++ b/.github/workflows/release-notes.yml
@@ -19,6 +19,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "đ Update Release Draft"
- uses: release-drafter/release-drafter@v6
+ uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d752cf4fdce..e241704cac6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -410,7 +410,7 @@ jobs:
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/${{ github.repository_owner }}/packages/maven/org.grails.grails-testing-support
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: "â Revert Prevent Snapshot Publishing Flag"
run: |
sed -i "s/^preventSnapshotPublish.*$/preventSnapshotPublish\=false/" gradle.properties
@@ -426,12 +426,12 @@ jobs:
echo "Publishing already enabled."
fi
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ Store the target branch"
@@ -498,17 +498,17 @@ jobs:
contents: read # limit to read access
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: ${{ secrets.GH_TOKEN }}
ref: v${{ needs.publish.outputs.release_version }}
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đĒ Nexus Staging Close And Release"
diff --git a/.github/workflows/retry-release.yml b/.github/workflows/retry-release.yml
index 9988e1b4bdb..2bb4b980508 100644
--- a/.github/workflows/retry-release.yml
+++ b/.github/workflows/retry-release.yml
@@ -20,7 +20,7 @@ jobs:
GIT_USER_EMAIL: 'grails-build@users.noreply.github.com'
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: "v${{ github.event.inputs.release }}"
token: ${{ secrets.GH_TOKEN }}
@@ -30,7 +30,7 @@ jobs:
distribution: liberica
java-version: 17
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ Store the target branch"
diff --git a/.github/workflows/sdkman.yml b/.github/workflows/sdkman.yml
index 013bd36160c..7ed1f4896ed 100644
--- a/.github/workflows/sdkman.yml
+++ b/.github/workflows/sdkman.yml
@@ -12,17 +12,17 @@ jobs:
contents: read
steps:
- name: "đĨ Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: ${{ secrets.GH_TOKEN }}
ref: v${{ github.event.inputs.version }}
- name: "âī¸ Setup JDK"
- uses: actions/setup-java@v4
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
with:
distribution: liberica
java-version: 17
- name: "đ Setup Gradle"
- uses: gradle/actions/setup-gradle@v4
+ uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4
with:
develocity-access-key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
- name: "đ Grails SDK Minor Release"