diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 8ec4f042ed..b177a33a00 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -2,6 +2,9 @@ on: pull_request_target: types: ["labeled", "closed"] +permissions: + contents: read + jobs: backport: name: Backport PR @@ -18,7 +21,7 @@ jobs: contents: write steps: - name: Backport Action - uses: sqren/backport-github-action@v8.9.7 + uses: sqren/backport-github-action@e325a2d70df7264afa24c92b1d5feb2278ff63af # v8.9.7 with: github_token: ${{ secrets.GITHUB_TOKEN }} auto_backport_label_prefix: backport-to- diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 9af1c1ddca..31f4300814 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -45,7 +45,7 @@ jobs: done - name: Publish Test Results - uses: EnricoMi/publish-unit-test-result-action@v2 + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: commit: ${{ github.event.workflow_run.head_sha }} event_file: artifacts/Event File/event.json diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index b54da2b191..617f734992 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -23,9 +23,9 @@ jobs: matrix: os: [ubuntu-latest, windows-latest, macos-latest] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: java-version: | 8 @@ -34,14 +34,14 @@ jobs: 17 distribution: 'temurin' - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.m2/repository key: ${{ runner.os }}-tycho4m39-${{ matrix.os }}-${{ hashFiles('**/pom.xml', '**/*.target') }} restore-keys: | ${{ runner.os }}-tycho4m39-${{ matrix.os }}- - name: Set up Maven - uses: stCarolas/setup-maven@v4.5 + uses: stCarolas/setup-maven@07fbbe97d97ef44336b7382563d66743297e442f # v4.5 with: maven-version: 3.9.2 - name: Build Tycho @@ -51,7 +51,7 @@ jobs: cp .github/toolchains.xml ~/.m2/toolchains.xml mvn -U -V -e -B -ntp clean install --file pom.xml -DtrimStackTrace=false -Pits -fae - name: Upload Test Results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 if: always() with: name: test-results-${{ matrix.os }} @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Upload - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: Event File path: ${{ github.event_path }} diff --git a/.github/workflows/sitedocs.yml b/.github/workflows/sitedocs.yml index 0a6e9c563a..17c3dfcbe8 100644 --- a/.github/workflows/sitedocs.yml +++ b/.github/workflows/sitedocs.yml @@ -7,6 +7,9 @@ on: branches: - 'master' - 'tycho-*' +permissions: + contents: read + jobs: build: name: Publish site-docs @@ -18,31 +21,31 @@ jobs: repository-projects: write steps: - name: Inject slug/short variables - uses: rlespinasse/github-slug-action@v4.4.1 + uses: rlespinasse/github-slug-action@102b1a064a9b145e56556e22b18b19c624538d94 # v4.4.1 - name: Checkout tycho code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: 'tycho' - name: Checkout page - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: 'page' token: ${{ secrets.TYCHO_SITE_PAT }} repository: 'eclipse-tycho/eclipse-tycho.github.io' - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: java-version: 17 distribution: 'temurin' - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-site-${{ hashFiles('**/pom.xml', '**/*.target') }} restore-keys: | ${{ runner.os }}-maven-site- - name: Set up Maven - uses: stCarolas/setup-maven@v4.5 + uses: stCarolas/setup-maven@07fbbe97d97ef44336b7382563d66743297e442f # v4.5 with: maven-version: 3.9.2 - name: Build site-doc @@ -51,7 +54,7 @@ jobs: run: | mvn -U -V -e -B -ntp clean install site site:stage --file tycho/pom.xml -T1C -DskipTests - name: Upload site-doc - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: site-docs-${{ env.GITHUB_REF_NAME }} if-no-files-found: error diff --git a/.github/workflows/verify-platform.yml b/.github/workflows/verify-platform.yml index 7b4f968b84..b66386f4cf 100644 --- a/.github/workflows/verify-platform.yml +++ b/.github/workflows/verify-platform.yml @@ -15,11 +15,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout tycho code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: 'tycho' - name: Checkout platform code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: 'platform' submodules: 'recursive' @@ -27,7 +27,7 @@ jobs: repository: 'eclipse-platform/eclipse.platform.releng.aggregator' fetch-depth: 0 - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: java-version: | 8 @@ -36,14 +36,14 @@ jobs: 17 distribution: 'temurin' - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-verify-platform-${{ hashFiles('**/pom.xml', '**/*.target') }} restore-keys: | ${{ runner.os }}-maven-verify-platform- - name: Set up Maven - uses: stCarolas/setup-maven@v4.5 + uses: stCarolas/setup-maven@07fbbe97d97ef44336b7382563d66743297e442f # v4.5 with: maven-version: 3.9.2 - name: Build Tycho diff --git a/.github/workflows/verify-platform2.yml b/.github/workflows/verify-platform2.yml index bb2443115e..637b8cc375 100644 --- a/.github/workflows/verify-platform2.yml +++ b/.github/workflows/verify-platform2.yml @@ -15,11 +15,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout tycho code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: 'tycho' - name: Checkout platform code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: 'platform' submodules: 'recursive' @@ -27,7 +27,7 @@ jobs: repository: 'eclipse-platform/eclipse.platform' fetch-depth: 0 - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0 with: java-version: | 8 @@ -36,14 +36,14 @@ jobs: 17 distribution: 'temurin' - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-verify-platform-individual-${{ hashFiles('**/pom.xml', '**/*.target') }} restore-keys: | ${{ runner.os }}-maven-verify-platform-individual- - name: Set up Maven - uses: stCarolas/setup-maven@v4.5 + uses: stCarolas/setup-maven@07fbbe97d97ef44336b7382563d66743297e442f # v4.5 with: maven-version: 3.9.2 - name: Build Tycho @@ -58,7 +58,7 @@ jobs: --global-toolchains ${{ github.workspace }}/tycho/.github/toolchains.xml clean install - name: Run Platform Build - uses: GabrielBB/xvfb-action@v1 + uses: GabrielBB/xvfb-action@86d97bde4a65fe9b290c0b3fb92c2c4ed0e5302d # v1.6 env: JAVA_HOME: ${{ env.JAVA_HOME_17_X64 }} with: