From afe9600c04b3c735a9fde48bbe4fd89fbc89781d Mon Sep 17 00:00:00 2001 From: beerpiss Date: Sat, 20 Jan 2024 12:48:01 +0700 Subject: [PATCH] ci: Pin actions to specific SHA Rationale: https://blog.rafaelgss.dev/why-you-should-pin-actions-by-commit-hash --- .github/workflows/build_pull_request.yml | 9 +++++---- .github/workflows/build_push.yml | 8 ++++---- .github/workflows/publish.yml | 10 +++++----- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build_pull_request.yml b/.github/workflows/build_pull_request.yml index 70883a9..c03d9d8 100644 --- a/.github/workflows/build_pull_request.yml +++ b/.github/workflows/build_pull_request.yml @@ -3,6 +3,7 @@ name: CI Pull Request on: pull_request: + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true @@ -14,15 +15,15 @@ jobs: steps: - name: Checkout pull request - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: java-version: 17 distribution: adopt @@ -32,6 +33,6 @@ jobs: ./AndroidCompat/getAndroid.sh - name: Build project - uses: gradle/gradle-command-action@v2 + uses: gradle/gradle-command-action@982da8e78c05368c70dac0351bb82647a9e9a5d2 # v2 with: arguments: :inspector:shadowJar diff --git a/.github/workflows/build_push.yml b/.github/workflows/build_push.yml index 8d1180b..cd14c02 100644 --- a/.github/workflows/build_push.yml +++ b/.github/workflows/build_push.yml @@ -16,13 +16,13 @@ jobs: steps: - name: Clone repo - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: java-version: 17 distribution: adopt @@ -32,6 +32,6 @@ jobs: ./AndroidCompat/getAndroid.sh - name: Build project - uses: gradle/gradle-command-action@v2 + uses: gradle/gradle-command-action@982da8e78c05368c70dac0351bb82647a9e9a5d2 # v2 with: arguments: :inspector:shadowJar diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4d2fbb1..60e5651 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,15 +16,15 @@ jobs: steps: - name: Checkout ${{ github.ref }} - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: ref: ${{ github.ref }} - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3 with: java-version: 17 distribution: adopt @@ -34,12 +34,12 @@ jobs: ./AndroidCompat/getAndroid.sh - name: Build project - uses: gradle/gradle-command-action@v2 + uses: gradle/gradle-command-action@982da8e78c05368c70dac0351bb82647a9e9a5d2 # v2 with: arguments: :inspector:shadowJar - name: Upload Release - uses: xresloader/upload-to-github-release@v1 + uses: xresloader/upload-to-github-release@2290df57aa316d1dae840ca57126a33bda98f45f # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: