From 0ef75b5602104173c27e39b894d8a1c3c34cbc1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 06:22:51 +0000 Subject: [PATCH 1/2] chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/cve-check.yml | 2 +- .github/workflows/fossa.yml | 2 +- .github/workflows/java-ci-latest.yml | 2 +- .github/workflows/java-ci-windows.yaml | 2 +- .github/workflows/java-ci.yaml | 4 ++-- .github/workflows/javadoc.yml | 2 +- .github/workflows/mongodb.yml | 2 +- .github/workflows/publish-docs.yml | 2 +- .github/workflows/publish-release-maven-central.yml | 2 +- .github/workflows/pull-request-snapshots.yml | 2 +- .github/workflows/release-preview-pr.yml | 2 +- .github/workflows/sonar.yml | 2 +- .github/workflows/spotless.yml | 2 +- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml index 5615e7df9..b833f1d06 100644 --- a/.github/workflows/cve-check.yml +++ b/.github/workflows/cve-check.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index b7f9ee149..785203864 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -28,7 +28,7 @@ jobs: -f description='Checking Licenses' -f context='fossa-license-analyze' continue-on-error: true - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 with: ref: ${{ github.event.workflow_run.head_sha }} # checkout commit that triggered this workflow diff --git a/.github/workflows/java-ci-latest.yml b/.github/workflows/java-ci-latest.yml index 848cdc380..86a8bfe60 100644 --- a/.github/workflows/java-ci-latest.yml +++ b/.github/workflows/java-ci-latest.yml @@ -33,7 +33,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Set up JDK ${{ matrix.java_version }} uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 diff --git a/.github/workflows/java-ci-windows.yaml b/.github/workflows/java-ci-windows.yaml index 510565078..0604ee7ed 100644 --- a/.github/workflows/java-ci-windows.yaml +++ b/.github/workflows/java-ci-windows.yaml @@ -22,7 +22,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues diff --git a/.github/workflows/java-ci.yaml b/.github/workflows/java-ci.yaml index 7050ede9a..4833a6d43 100644 --- a/.github/workflows/java-ci.yaml +++ b/.github/workflows/java-ci.yaml @@ -20,7 +20,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues @@ -77,7 +77,7 @@ jobs: timeout-minutes: 60 needs: build steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/javadoc.yml b/.github/workflows/javadoc.yml index 077ce0c4a..2bc9fdfaa 100644 --- a/.github/workflows/javadoc.yml +++ b/.github/workflows/javadoc.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 diff --git a/.github/workflows/mongodb.yml b/.github/workflows/mongodb.yml index 3ae902fc8..33e7d837e 100644 --- a/.github/workflows/mongodb.yml +++ b/.github/workflows/mongodb.yml @@ -15,7 +15,7 @@ jobs: env: TEST_MONGODB_CONNECTION_STRING: mongodb://test:example@localhost:27017/testdb?authSource=admin steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index ff2e980f8..0eab2efce 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -8,7 +8,7 @@ jobs: deploy: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 with: fetch-depth: 1 - run: git config user.name 'github-actions[bot]' && git config user.email 'github-actions[bot]@users.noreply.github.com' diff --git a/.github/workflows/publish-release-maven-central.yml b/.github/workflows/publish-release-maven-central.yml index 97c5bdd88..c5c50d6a2 100644 --- a/.github/workflows/publish-release-maven-central.yml +++ b/.github/workflows/publish-release-maven-central.yml @@ -15,7 +15,7 @@ jobs: upload-maven-central: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3 diff --git a/.github/workflows/pull-request-snapshots.yml b/.github/workflows/pull-request-snapshots.yml index 9c74a434a..7be359e86 100644 --- a/.github/workflows/pull-request-snapshots.yml +++ b/.github/workflows/pull-request-snapshots.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 with: diff --git a/.github/workflows/release-preview-pr.yml b/.github/workflows/release-preview-pr.yml index 43f0d97af..297f63783 100644 --- a/.github/workflows/release-preview-pr.yml +++ b/.github/workflows/release-preview-pr.yml @@ -8,7 +8,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 with: fetch-depth: 0 - name: Collect semantic-release-info diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 3d8db3abb..8a17884d8 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 with: ref: ${{ github.event.workflow_run.head_sha }} # checkout commit that triggered this workflow fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues diff --git a/.github/workflows/spotless.yml b/.github/workflows/spotless.yml index a7fc22cfd..e1b589795 100644 --- a/.github/workflows/spotless.yml +++ b/.github/workflows/spotless.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 From 8a35cbadb120cc1e321d7562e58b2fd2bc48e7e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Siebahn?= <43337019+JoergSiebahn@users.noreply.github.com> Date: Thu, 13 Jun 2024 09:00:42 +0200 Subject: [PATCH 2/2] chore(build): document action tag referenced by hash --- .github/workflows/cve-check.yml | 2 +- .github/workflows/fossa.yml | 2 +- .github/workflows/java-ci-latest.yml | 2 +- .github/workflows/java-ci-windows.yaml | 2 +- .github/workflows/java-ci.yaml | 4 ++-- .github/workflows/javadoc.yml | 2 +- .github/workflows/mongodb.yml | 2 +- .github/workflows/publish-docs.yml | 2 +- .github/workflows/publish-release-maven-central.yml | 2 +- .github/workflows/pull-request-snapshots.yml | 2 +- .github/workflows/release-preview-pr.yml | 2 +- .github/workflows/sonar.yml | 2 +- .github/workflows/spotless.yml | 2 +- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml index b833f1d06..26f9f0899 100644 --- a/.github/workflows/cve-check.yml +++ b/.github/workflows/cve-check.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 785203864..491d41960 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -28,7 +28,7 @@ jobs: -f description='Checking Licenses' -f context='fossa-license-analyze' continue-on-error: true - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 with: ref: ${{ github.event.workflow_run.head_sha }} # checkout commit that triggered this workflow diff --git a/.github/workflows/java-ci-latest.yml b/.github/workflows/java-ci-latest.yml index 86a8bfe60..185450f31 100644 --- a/.github/workflows/java-ci-latest.yml +++ b/.github/workflows/java-ci-latest.yml @@ -33,7 +33,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK ${{ matrix.java_version }} uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 diff --git a/.github/workflows/java-ci-windows.yaml b/.github/workflows/java-ci-windows.yaml index 0604ee7ed..5ba3453f0 100644 --- a/.github/workflows/java-ci-windows.yaml +++ b/.github/workflows/java-ci-windows.yaml @@ -22,7 +22,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 with: fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues diff --git a/.github/workflows/java-ci.yaml b/.github/workflows/java-ci.yaml index 4833a6d43..ae16e1e3d 100644 --- a/.github/workflows/java-ci.yaml +++ b/.github/workflows/java-ci.yaml @@ -20,7 +20,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 with: fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues @@ -77,7 +77,7 @@ jobs: timeout-minutes: 60 needs: build steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/javadoc.yml b/.github/workflows/javadoc.yml index 2bc9fdfaa..781381bc9 100644 --- a/.github/workflows/javadoc.yml +++ b/.github/workflows/javadoc.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 diff --git a/.github/workflows/mongodb.yml b/.github/workflows/mongodb.yml index 33e7d837e..c061b2fa6 100644 --- a/.github/workflows/mongodb.yml +++ b/.github/workflows/mongodb.yml @@ -15,7 +15,7 @@ jobs: env: TEST_MONGODB_CONNECTION_STRING: mongodb://test:example@localhost:27017/testdb?authSource=admin steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index 0eab2efce..a1aa6d722 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -8,7 +8,7 @@ jobs: deploy: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 with: fetch-depth: 1 - run: git config user.name 'github-actions[bot]' && git config user.email 'github-actions[bot]@users.noreply.github.com' diff --git a/.github/workflows/publish-release-maven-central.yml b/.github/workflows/publish-release-maven-central.yml index c5c50d6a2..d94c7145b 100644 --- a/.github/workflows/publish-release-maven-central.yml +++ b/.github/workflows/publish-release-maven-central.yml @@ -15,7 +15,7 @@ jobs: upload-maven-central: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # tag=v3 diff --git a/.github/workflows/pull-request-snapshots.yml b/.github/workflows/pull-request-snapshots.yml index 7be359e86..b40851a26 100644 --- a/.github/workflows/pull-request-snapshots.yml +++ b/.github/workflows/pull-request-snapshots.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 with: diff --git a/.github/workflows/release-preview-pr.yml b/.github/workflows/release-preview-pr.yml index 297f63783..a12c70bc0 100644 --- a/.github/workflows/release-preview-pr.yml +++ b/.github/workflows/release-preview-pr.yml @@ -8,7 +8,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 with: fetch-depth: 0 - name: Collect semantic-release-info diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 8a17884d8..26df5bad6 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 with: ref: ${{ github.event.workflow_run.head_sha }} # checkout commit that triggered this workflow fetch-depth: 0 # fetch commit log so that Sonar is able to assign committers to issues diff --git a/.github/workflows/spotless.yml b/.github/workflows/spotless.yml index e1b589795..208d74248 100644 --- a/.github/workflows/spotless.yml +++ b/.github/workflows/spotless.yml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Set up JDK 17 uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9