
Commit 6f621d0

Merge pull request #99 from cryptomator/feature/pin-gh-actions-version
Pin GitHub Actions to commit SHAs
2 parents 883c526 + 3680d6c commit 6f621d0


5 files changed

+19
-19
lines changed


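--- a/.github/workflows/build-linux.yml
+++ b/.github/workflows/build-linux.yml
@@ -62,8 +62,8 @@ jobs:
 artifact-name: cryptomator-cli-${{ needs.prepare.outputs.semVerStr }}-linux-aarch64.zip
 runs-on: ${{ matrix.os }}
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-java@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1
+- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 #v4.8.0
 with:
 java-version: ${{ env.JAVA_VERSION }}
 distribution: ${{ env.JAVA_DIST }}
@@ -90,7 +90,7 @@ jobs:
 run: |
 cp LICENSE.txt target/cryptomator-cli
 cp target/cryptomator-cli_completion.sh target/cryptomator-cli
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: cryptomator-cli-linux-${{ matrix.architecture }}
 path: ./target/cryptomator-cli
@@ -109,7 +109,7 @@ jobs:
 GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
 - name: Publish artefact on GitHub Releases
 if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-uses: softprops/action-gh-release@v2
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
 with:
 fail_on_unmatched_files: true
 token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}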
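Review bot: The version annotations on the new pins are written two ways: `#v4.3.1` / `#v4.8.0` on the `actions/checkout` and `actions/setup-java` lines of the first hunk, but `# v4.6.2` / `# v2.5.0` on the `upload-artifact` and `action-gh-release` lines. A 40-character SHA is unreadable on its own, so that trailing comment is all a reviewer (or an update bot, if one is configured) has to tell which release is pinned, and it should use one form throughout: `- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1`, and likewise `# v4.8.0` for setup-java. The same two lines appear in build-mac.yml, build-win.yml and build.yml. The `steps:` list continues outside the hunk.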

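--- a/.github/workflows/build-mac.yml
+++ b/.github/workflows/build-mac.yml
@@ -33,7 +33,7 @@ jobs:
 semVerNum: ${{steps.determine-number.outputs.number}}
 revisionNum: ${{steps.determine-number.outputs.revision}}
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1
 with:
 fetch-depth: 0
 - id: determine-version
@@ -72,8 +72,8 @@ jobs:
 xcode-path: /Applications/Xcode_15.2.app
 runs-on: ${{ matrix.os }}
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-java@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1
+- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 #v4.8.0
 with:
 java-version: ${{ env.JAVA_VERSION }}
 distribution: ${{ env.JAVA_DIST }}
@@ -206,7 +206,7 @@ jobs:
 env:
 GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
 GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: cryptomator-cli-mac-${{ matrix.architecture }}
 path: |
@@ -215,7 +215,7 @@ jobs:
 if-no-files-found: error
 - name: Publish artefact on GitHub Releases
 if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-uses: softprops/action-gh-release@v2
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
 with:
 fail_on_unmatched_files: true
 token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}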

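--- a/.github/workflows/build-win.yml
+++ b/.github/workflows/build-win.yml
@@ -52,8 +52,8 @@ jobs:
 env:
 artifact-name: cryptomator-cli-${{ needs.prepare.outputs.semVerStr }}-win-x64.zip
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-java@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1
+- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 #v4.8.0
 with:
 java-version: ${{ env.JAVA_VERSION }}
 distribution: ${{ env.JAVA_DIST }}
@@ -102,7 +102,7 @@ jobs:
 $jar.Dispose()
 }
 - name: Codesign
-uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f
+uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f #TODO: replace by azure signing
 with:
 base-dir: 'target'
 file-extensions: 'dll,exe'
@@ -135,7 +135,7 @@ jobs:
 env:
 GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
 GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: cryptomator-cli-win-x64
 path: |
@@ -144,7 +144,7 @@ jobs:
 if-no-files-found: error
 - name: Publish artefact on GitHub Releases
 if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-uses: softprops/action-gh-release@v2
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
 with:
 fail_on_unmatched_files: true
 token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}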
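Review bot: The `Codesign` step is the one pin touched by this commit that still carries no release annotation: `skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f` only gains `#TODO: replace by azure signing`. Judging by its name and its `base-dir` / `file-extensions: 'dll,exe'` inputs, this step signs the shipped binaries, so it is the pin a reviewer most needs to trace back to a ref in skymatic/workflows. The TODO also has no issue reference to track it by. I would write the comment as `# <tag or commit date of 450e322> TODO(<issue link>): replace by azure signing`. The step's `with:` block continues outside the hunk.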

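--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,8 +12,8 @@ jobs:
 outputs:
 artifactVersion: ${{ steps.setversion.outputs.version }}
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-java@v4
+- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1
+- uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 #v4.8.0
 with:
 java-version: '24'
 distribution: 'temurin'
@@ -28,13 +28,13 @@ jobs:
 - name: Build and Test
 run: mvn -B install
 - name: Upload artifact cryptomator-cli-${{ steps.setversion.outputs.version }}.jar
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: cryptomator-cli-${{ steps.setversion.outputs.version }}.jar
 path: target/cryptomator-cli-*.jar
 - name: Create release
 if: startsWith(github.ref, 'refs/tags/')
-uses: softprops/action-gh-release@v2
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
 with:
 token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
 generate_release_notes: true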

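--- a/.github/workflows/post-publish.yml
+++ b/.github/workflows/post-publish.yml
@@ -28,7 +28,7 @@ jobs:
 GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
 GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
 - name: Publish asc on GitHub Releases
-uses: softprops/action-gh-release@v2
+uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
 with:
 fail_on_unmatched_files: true
 token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}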
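Review bot: Nothing on this line or in the commit message records that `a06a81a03ee405af7f2048a818ed3f03bbf83c7b` was checked against the upstream `v2.5.0` tag of softprops/action-gh-release; the `# v2.5.0` comment is free text and nothing enforces it. The check matters most for this action because the step passes `secrets.CRYPTOBOT_RELEASE_TOKEN` to it, and GitHub will resolve a full SHA that exists only in a fork of the action's repository. I would state in the PR description how the SHAs were obtained. If no update tooling is configured for the `github-actions` ecosystem (this page does not show either way), adding it would keep SHA and comment in sync on later bumps. The same pin is introduced in build-linux.yml, build-mac.yml, build-win.yml and build.yml.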
