diff --git a/.github/workflows/codecoverage.yaml b/.github/workflows/codecoverage.yaml index 54fe075fe..ba18ca213 100644 --- a/.github/workflows/codecoverage.yaml +++ b/.github/workflows/codecoverage.yaml @@ -17,19 +17,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Generate Coverage Report - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: jacocoMergedReport - name: Publish Coverage if: success() - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # tag=v3 diff --git a/.github/workflows/deploy-snapshot.yaml b/.github/workflows/deploy-snapshot.yaml index 207a3584f..4965f0200 100644 --- a/.github/workflows/deploy-snapshot.yaml +++ b/.github/workflows/deploy-snapshot.yaml @@ -14,21 +14,21 @@ jobs: if: github.repository == 'detekt/detekt' && !contains(github.event.head_commit.message, 'ci skip') steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Build detekt - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: build - name: Deploy Snapshot - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 env: ORG_GRADLE_PROJECT_SIGNING_KEY: ${{ secrets.ORG_GRADLE_PROJECT_SIGNING_KEY }} ORG_GRADLE_PROJECT_SIGNING_PWD: ${{ secrets.ORG_GRADLE_PROJECT_SIGNING_PWD }} diff --git a/.github/workflows/detekt-with-type-resolution.yaml b/.github/workflows/detekt-with-type-resolution.yaml index d27a29758..57faba063 100644 --- a/.github/workflows/detekt-with-type-resolution.yaml +++ b/.github/workflows/detekt-with-type-resolution.yaml @@ -23,21 +23,21 @@ jobs: if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Run detekt-cli with argsfile - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: :detekt-cli:runWithArgsFile - name: Upload SARIF to Github using the upload-sarif action - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2 if: ${{ always() }} with: sarif_file: build/detekt-report.sarif @@ -48,14 +48,14 @@ jobs: if: ${{ !contains(github.event.head_commit.message, 'ci skip') }} steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Run analysis - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: detektMain detektTest diff --git a/.github/workflows/fossascan.yaml b/.github/workflows/fossascan.yaml index b63a4cce5..a7290c2eb 100644 --- a/.github/workflows/fossascan.yaml +++ b/.github/workflows/fossascan.yaml @@ -14,9 +14,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Run FOSSA Scan - uses: fossas/fossa-action@v1 + uses: fossas/fossa-action@30055fd3dbc35d6ca57da934b5d8ac213a7871b4 # tag=v1 with: api-key: ${{ secrets.FOSSA_API_KEY }} diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index b6f0bdc1e..54db918ea 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -16,6 +16,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout latest code - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Validate Gradle Wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b # tag=v1 diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index ddd213146..6f3ccec79 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -9,6 +9,6 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@9fd24f1f9d6ceb64ba34d181b329ee72f99978a0 # tag=v4 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pre-merge.yaml b/.github/workflows/pre-merge.yaml index 8a46716c5..40f53b0a2 100644 --- a/.github/workflows/pre-merge.yaml +++ b/.github/workflows/pre-merge.yaml @@ -30,31 +30,31 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: ${{ matrix.jdk }} distribution: 'temurin' - name: Build detekt - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: build -x detekt - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3 with: name: heap-dump path: '**.hprof' if-no-files-found: ignore - name: Run detekt-cli --help - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: :detekt-cli:runWithHelpFlag - name: Run detekt-cli with argsfile - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: :detekt-cli:runWithArgsFile - name: Try to publish to Maven Local - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: publishToMavenLocal @@ -63,14 +63,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Verify Generated Detekt Config File - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: verifyGeneratorOutput @@ -79,14 +79,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Build and compile test snippets - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: test -Pcompile-test-snippets=true @@ -95,13 +95,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Run with allWarningsAsErrors - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: build -x detekt -PwarningsAsErrors=true diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index d6fc2f89b..0d7864b61 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -10,7 +10,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v5 + - uses: actions/stale@3cc123766321e9f15a6676375c154ccffb12a358 # tag=v5 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 90 diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml index fc13a5076..0f0ea6921 100644 --- a/.github/workflows/website.yaml +++ b/.github/workflows/website.yaml @@ -17,23 +17,23 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@860f60056505705214d223b91ed7a30f173f6142 # tag=v3 with: java-version: 17 distribution: 'temurin' - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3 with: node-version: '16' cache: 'yarn' cache-dependency-path: 'website/yarn.lock' - name: Build Detekt Documentation - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@e88ed3e650b26bd116cfee53cf198c1f6856682d # tag=v2 with: arguments: :detekt-generator:generateDocumentation @@ -46,7 +46,7 @@ jobs: run: yarn build - name: Deploy Github Pages (only on main) - uses: JamesIves/github-pages-deploy-action@v4 + uses: JamesIves/github-pages-deploy-action@8817a56e5bfec6e2b08345c81f4d422db53a2cdc # tag=v4 if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} with: branch: gh-pages