Testing PR: Testing whether Pedro's changes resolve spontaneous Score…

…card CI failures (#63) * ICU-22482 Hash-pin GHA, add dependabot to keep them updated Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> * Testing specific optimizations * Revert scorecard-action version number change * Use latest version, uses a version >= 2.0.6 to overcome invalid key bug * Turn off publish results for ossf scorecard action * Revert "Turn off publish results for ossf scorecard action" This reverts commit d6c73d7. * Try out v2.3.1 of ossf/scorecard-action --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <[email protected]> Co-authored-by: Pedro Kaj Kjellerup Nacht <[email protected]>
echeran · Mar 21, 2024 · 474e1d1 · 474e1d1
1 parent 5e95ed8
commit 474e1d1
Show file tree

Hide file tree

Showing 12 changed files with 65 additions and 1,051 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/cache_retain.yml b/.github/workflows/cache_retain.yml
@@ -38,17 +38,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout and setup
-        uses: actions/checkout@v3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           lfs: true
       - name: Checkout lfs objects
         run: git lfs pull
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
         with:
           distribution: 'temurin'
           java-version: '11'
       - name: Restore read-only cache of local Maven repository
-        uses: actions/cache/restore@v3
+        uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         id: cache
         with:
           path: ~/.m2/repository