From f5c3a80c4f4fca18702af51802801150037619a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:17:01 +0000 Subject: [PATCH] build(deps): pin dependencies --- .github/workflows/build.yaml | 36 ++++++++++---------- .github/workflows/dependabot-auto-merge.yaml | 2 +- .github/workflows/docs.yaml | 10 +++--- .github/workflows/dry-run-release.yml | 10 +++--- .github/workflows/linting.yml | 16 ++++----- .github/workflows/mps-compatibility.yaml | 8 ++--- .github/workflows/publish.yml | 18 +++++----- .github/workflows/release.yaml | 6 ++-- 8 files changed, 53 insertions(+), 53 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 58cb12680a..05de154368 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,30 +22,30 @@ jobs: security-events: write steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 - name: Build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: ./gradlew --build-cache build detektMain detektTest detektJsMain detektJsTest detektJvmMain detektJvmTest :koverHtmlReport :koverXmlReport -PciBuild=true - name: Publish test results - uses: EnricoMi/publish-unit-test-result-action@v2 + uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2 # Also report in case the build failed if: always() with: files: | **/test-results/**/*.xml - name: Archive test report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 # Archive test reports for introspection even if the build failed. They are most useful in this situation. if: always() with: @@ -54,7 +54,7 @@ jobs: */build/test-results */build/reports - name: Report test coverage - uses: madrapps/jacoco-report@v1.7.1 + uses: madrapps/jacoco-report@7c362aca34caf958e7b1c03464bd8781db9f8da7 # v1.7.1 with: paths: ${{ github.workspace }}/build/reports/kover/report.xml token: ${{ secrets.GITHUB_TOKEN }} @@ -62,7 +62,7 @@ jobs: update-comment: true # We need to combine the SARIF files because GitHub has a limit of 20 runs. Our number of modules + targets # exceeds this limit. Therefore, we combine the individual runs in the SARIF files. - - uses: actions/setup-node@v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - name: Combine SARIF files @@ -78,7 +78,7 @@ jobs: # > if you want to run with no globalization support. DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1 - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3 with: sarif_file: merged.sarif category: detekt @@ -86,14 +86,14 @@ jobs: test-model-api-gen-gradle: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 - name: Assemble env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -106,14 +106,14 @@ jobs: test-model-client-js: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 - name: Assemble env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -126,14 +126,14 @@ jobs: test-bulk-model-sync-gradle: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 - name: Assemble env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml index 14371e0790..14dc24c40b 100644 --- a/.github/workflows/dependabot-auto-merge.yaml +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -12,7 +12,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 0d7a001dd2..9e94bf8f89 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -9,26 +9,26 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Project - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Use tag as version run: echo "${GITHUB_REF#refs/*/}" > version.txt - name: Checkout Old Docs Versions for Index Page - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: gh-pages path: build/dokka - name: Generate Docs with Dokka run: ./gradlew :dokkaHtmlMultiModule - name: Publish to GitHub Pages - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: build/dokka diff --git a/.github/workflows/dry-run-release.yml b/.github/workflows/dry-run-release.yml index 1be77f94b9..bf5b01fdcc 100644 --- a/.github/workflows/dry-run-release.yml +++ b/.github/workflows/dry-run-release.yml @@ -7,19 +7,19 @@ jobs: name: Lint PR commits runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # Use this action to run commitlint because pre-commit does not run it in CI. # pre-commit probably does not run commitlint in CI because pre-commit can only run it in the `commit-msg` stage. - - uses: wagoid/commitlint-github-action@v6 + - uses: wagoid/commitlint-github-action@0184f5a228ee06430bb9e67d65f73a1a6767496a # v6 test-release: name: Dry-run semantic-release runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Checkout branch @@ -28,11 +28,11 @@ jobs: # branches. run: git checkout -b main - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - name: Cache Node packages - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: node_modules key: release-${{ hashFiles('package.json') }}-${{ hashFiles('package-lock.json') }} diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index e8f17e0470..a4631f2da4 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -7,25 +7,25 @@ jobs: pre-commit: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - - uses: actions/cache@v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: node_modules key: release-${{ hashFiles('package.json') }}-${{ hashFiles('package-lock.json') }} - name: Install dependencies run: npm ci - - uses: actions/setup-python@v5 - - uses: pre-commit/action@v3.0.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 + - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 openapi-linting: runs-on: ubuntu-24.04 steps: - name: Clone repo - uses: actions/checkout@v4 - - uses: stoplightio/spectral-action@v0.8.11 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: stoplightio/spectral-action@2ad0b9302e32a77c1caccf474a9b2191a8060d83 # v0.8.11 with: file_glob: 'model-server-openapi/specifications/model-server-*.yaml' spectral_ruleset: .spectral.yaml @@ -37,7 +37,7 @@ jobs: pull-requests: write steps: - name: Clone repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: # We need the history to find the common ancestor of the PR and the target branch from which we fetch the # baseline OpenAPI specifications to compare against. diff --git a/.github/workflows/mps-compatibility.yaml b/.github/workflows/mps-compatibility.yaml index 9f6872e780..91fa68ded5 100644 --- a/.github/workflows/mps-compatibility.yaml +++ b/.github/workflows/mps-compatibility.yaml @@ -27,17 +27,17 @@ jobs: - "2024.1" steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 - name: Build with ${{ matrix.version }} run: >- ./gradlew --build-cache diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 341032c2f7..59a16206d2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -23,19 +23,19 @@ jobs: # manual request via the workflow_dispatch event. PUSH: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' registry-url: 'https://artifacts.itemis.cloud/repository/npm-open/' scope: '<@modelix>' - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4 with: distribution: 'temurin' java-version: '21' - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4 - name: Configure the project version id: version @@ -52,7 +52,7 @@ jobs: echo "VERSION=${version}" >> $GITHUB_OUTPUT - name: Determine Docker metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 with: images: | modelix/model-server @@ -102,18 +102,18 @@ jobs: - name: Log in to Docker Hub # Only attempt to log in if we later attempt to push. if: ${{ env.PUSH == 'true' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_KEY }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 with: platforms: linux/amd64,linux/arm64 - name: Build and publish model-server Docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 with: context: ./model-server file: ./model-server/Dockerfile diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 687342a5ad..f9469acf8f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,15 +11,15 @@ jobs: if: ${{ github.ref == 'refs/heads/main' }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 token: ${{ secrets.RELEASE_TOKEN }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: '.nvmrc' - name: Cache Node packages - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: node_modules key: release-${{ hashFiles('package.json') }}-${{ hashFiles('package-lock.json') }}