From 80ffe23c058816cf1c14a165ae080e22d8bce602 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 13 Sep 2025 08:36:31 +0000 Subject: [PATCH 1/3] Initial plan From dcf5e23ec2a0c0299d8c78a5c698c292232d3d70 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 13 Sep 2025 08:45:26 +0000 Subject: [PATCH 2/3] Pin GitHub Actions dependencies with commit SHAs and update Dependabot config Co-authored-by: scordio <26772046+scordio@users.noreply.github.com> --- .github/dependabot.yml | 6 +++++- .github/workflows/ci.yml | 8 ++++---- .github/workflows/dependabot-auto-merge-patch.yml | 2 +- .github/workflows/gradle-wrapper-validation.yml | 4 ++-- .github/workflows/release.yml | 8 ++++---- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1ef0730..d9fcb0a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,4 +7,8 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b4ad2a..3d02733 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,16 +12,16 @@ jobs: if: github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref == 'refs/heads/main') steps: - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: 21 distribution: 'temurin' - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: gradle/wrapper-validation-action@v3 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: 8.12.1 diff --git a/.github/workflows/dependabot-auto-merge-patch.yml b/.github/workflows/dependabot-auto-merge-patch.yml index 0892130..5a833c0 100644 --- a/.github/workflows/dependabot-auto-merge-patch.yml +++ b/.github/workflows/dependabot-auto-merge-patch.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0 with: github-token: "${{secrets.GITHUB_TOKEN}}" diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 5d924bd..594a4e3 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -6,5 +6,5 @@ jobs: name: "Validation" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 - - uses: gradle/wrapper-validation-action@v3 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b629cb8..cbf36da 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,17 +7,17 @@ jobs: JVM-Run-Gradle-Release: runs-on: ubuntu-latest steps: - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: 17 distribution: 'temurin' - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Given we are doing a release, lets make sure we have a safe gradle install - - uses: gradle/wrapper-validation-action@v3 + - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - - uses: gradle/gradle-build-action@v3 + - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 - name: Verify all checks pass run: ./gradlew test From ec52d870807389fb3e34b10fd6bd19ee82dc3144 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 13 Sep 2025 09:10:24 +0000 Subject: [PATCH 3/3] Update wrapper validation action to gradle/actions/wrapper-validation Co-authored-by: scordio <26772046+scordio@users.noreply.github.com> --- .github/workflows/ci.yml | 2 -- .github/workflows/gradle-wrapper-validation.yml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d02733..778a075 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,8 +19,6 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 - - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 with: gradle-version: 8.12.1 diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 594a4e3..0a6391b 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -7,4 +7,4 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: gradle/wrapper-validation-action@f9c9c575b8b21b6485636a91ffecd10e558c62f6 # v3.5.0 + - uses: gradle/actions/wrapper-validation@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0