diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1ef0730..d9fcb0a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,4 +7,8 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b4ad2a..778a075 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,16 +12,14 @@ jobs: if: github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref == 'refs/heads/main') steps: - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: 21 distribution: 'temurin' - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: gradle/wrapper-validation-action@v3 - - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: 8.12.1 diff --git a/.github/workflows/dependabot-auto-merge-patch.yml b/.github/workflows/dependabot-auto-merge-patch.yml index 0892130..5a833c0 100644 --- a/.github/workflows/dependabot-auto-merge-patch.yml +++ b/.github/workflows/dependabot-auto-merge-patch.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0 with: github-token: "${{secrets.GITHUB_TOKEN}}" diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 5d924bd..0a6391b 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -6,5 +6,5 @@ jobs: name: "Validation" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 - - uses: gradle/wrapper-validation-action@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: gradle/actions/wrapper-validation@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b629cb8..cbf36da 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,17 +7,17 @@ jobs: JVM-Run-Gradle-Release: runs-on: ubuntu-latest steps: - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: 17 distribution: 'temurin' - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Given we are doing a release, lets make sure we have a safe gradle install - - uses: gradle/wrapper-validation-action@v3 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - - uses: gradle/gradle-build-action@v3 + - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 - name: Verify all checks pass run: ./gradlew test