From dec4bee4345b2eb261a167b81ccbd9afba56feff Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:17 +0000 Subject: [PATCH 1/7] Pinning workflow .github/workflows/build_and_test.yml --- .github/workflows/build_and_test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 0f87078..8d97982 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -28,11 +28,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: 'recursive' - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: java-version: '17' distribution: 'temurin' From 6567740146295987a78e1845a925d3f33629e667 Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:18 +0000 Subject: [PATCH 2/7] Pinning workflow .github/workflows/build_deploy.yml --- .github/workflows/build_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml index 4b733ac..33249ab 100644 --- a/.github/workflows/build_deploy.yml +++ b/.github/workflows/build_deploy.yml @@ -25,12 +25,12 @@ jobs: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: 'recursive' - name: Set up Apache Maven Central - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: # configure settings.xml distribution: 'temurin' java-version: '17' From 409ead969546ec371074a6d97e239a3ca73cab7b Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:20 +0000 Subject: [PATCH 3/7] Pinning workflow .github/workflows/codeql.yml --- .github/workflows/codeql.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a6ebf0b..f184283 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,13 +46,13 @@ jobs: build-mode: autobuild steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: 'recursive' # Setup java 17. - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: java-version: '17' distribution: 'temurin' @@ -60,12 +60,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@d77b13a0df3134d64a457ea9003f600b09fa1c8a # v3.36.1 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@d77b13a0df3134d64a457ea9003f600b09fa1c8a # v3.36.1 with: category: "/language:${{matrix.language}}" From fc27d3b2f3e7af2b630c75769c387a3725b01567 Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:21 +0000 Subject: [PATCH 4/7] Pinning workflow .github/workflows/coverage.yml --- .github/workflows/coverage.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index d90c556..30492f8 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -34,7 +34,7 @@ jobs: run: sudo apt-get update && sudo apt-get install -y libxml2-utils - name: Set up Java with Maven - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: # configure settings.xml distribution: 'temurin' java-version: '17' @@ -70,7 +70,7 @@ jobs: path: target/site/jacoco - name: Generate coverage comment - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | const fs = require('fs'); From 4bc49e2f0e8991472f61a50f06671afebd4d893c Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:22 +0000 Subject: [PATCH 5/7] Pinning workflow .github/workflows/latest-up-spec-compatibility.yaml --- .github/workflows/latest-up-spec-compatibility.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/latest-up-spec-compatibility.yaml b/.github/workflows/latest-up-spec-compatibility.yaml index 90f5ef8..561abb0 100644 --- a/.github/workflows/latest-up-spec-compatibility.yaml +++ b/.github/workflows/latest-up-spec-compatibility.yaml @@ -35,7 +35,7 @@ jobs: requirements-tracing: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: "recursive" - name: Fast-Forward to HEAD revision of uProtocol Spec main branch @@ -49,7 +49,7 @@ jobs: cd "${{ github.workspace }}" - name: "Determine OpenFastTrace file patterns from .env file" - uses: xom9ikk/dotenv@v2.3.0 + uses: xom9ikk/dotenv@ac290ca23a42155a0cba1031d23afa46240116a9 # v2.3.0 with: mode: "oft-latest" load-mode: strict From b35633f4d8c4dea23322c3488d1970fb9eb7d73f Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:23 +0000 Subject: [PATCH 6/7] Pinning workflow .github/workflows/lint.yml --- .github/workflows/lint.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 3a5e7e4..a62a600 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,12 +26,12 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: 'recursive' - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: java-version: '17' distribution: 'temurin' @@ -47,17 +47,17 @@ jobs: # check links contained in markdown and source code files runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: "recursive" - name: Restore lychee cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: .lycheecache key: cache-lychee-${{ github.sha }} restore-keys: cache-lychee- - name: Run lychee - uses: lycheeverse/lychee-action@v2 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0 with: args: "--cache --max-cache-age 1d --verbose --no-progress --exclude-path './target/' --exclude-path './up-spec/' -- './**/*.md' './**/*.java'" From 0254d0e05ed3d7ccc00268d592565cc625e1801e Mon Sep 17 00:00:00 2001 From: "eclipse-otterdog[bot]" <158182605+eclipse-otterdog[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 10:15:25 +0000 Subject: [PATCH 7/7] Pinning workflow .github/workflows/release.yml --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 87d52e1..e88a02c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,13 +30,13 @@ jobs: git config --global user.name 'eclipse-uprotocol-bot' git config --global user.email 'uprotocol-bot@eclipse.org' - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: submodules: 'recursive' token: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Set up Apache Maven Central - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: # configure settings.xml distribution: 'temurin' java-version: '17'