diff --git a/.github/actions/generate-dependencies-file/action.yml b/.github/actions/generate-dependencies-file/action.yml index 20e19b9..150c996 100644 --- a/.github/actions/generate-dependencies-file/action.yml +++ b/.github/actions/generate-dependencies-file/action.yml @@ -10,7 +10,7 @@ inputs: runs: using: "composite" steps: - - uses: eclipse-edc/.github/.github/actions/setup-build@main + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 - name: Download latest Eclipse Dash shell: bash run: | diff --git a/.github/actions/publish-autodoc/action.yml b/.github/actions/publish-autodoc/action.yml index 43a5aec..10365f1 100644 --- a/.github/actions/publish-autodoc/action.yml +++ b/.github/actions/publish-autodoc/action.yml @@ -12,7 +12,7 @@ inputs: runs: using: "composite" steps: - - uses: eclipse-edc/.github/.github/actions/setup-build@main + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 - name: Override version if input is set shell: bash @@ -51,7 +51,7 @@ runs: cp deploy/autodoc/${{ env.VERSION }}/* deploy/autodoc/ - name: Deploy to GitHub Pages - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 with: github_token: ${{ inputs.token }} publish_dir: deploy diff --git a/.github/actions/publish-maven-artifacts/action.yml b/.github/actions/publish-maven-artifacts/action.yml index 30c9395..31b156c 100644 --- a/.github/actions/publish-maven-artifacts/action.yml +++ b/.github/actions/publish-maven-artifacts/action.yml @@ -21,9 +21,9 @@ inputs: runs: using: "composite" steps: - - uses: eclipse-edc/.github/.github/actions/setup-build@main + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 - - uses: eclipse-edc/.github/.github/actions/import-gpg-key@main + - uses: sovity/core-edc-github/.github/actions/import-gpg-key@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ inputs.gpg-private-key }} diff --git a/.github/actions/request-dependencies-review/action.yml b/.github/actions/request-dependencies-review/action.yml index a6df7d9..63c0bf6 100644 --- a/.github/actions/request-dependencies-review/action.yml +++ b/.github/actions/request-dependencies-review/action.yml @@ -9,7 +9,7 @@ inputs: runs: using: "composite" steps: - - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main + - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2 - shell: bash run: | cat DEPENDENCIES* | grep restricted | sort -u | awk -F ',' '{print $1}' | java -jar dash.jar - -review -project technology.edc -token ${{ inputs.gitlab-token }} || true diff --git a/.github/actions/setup-build/action.yml b/.github/actions/setup-build/action.yml index bcd34cc..b1ed14f 100644 --- a/.github/actions/setup-build/action.yml +++ b/.github/actions/setup-build/action.yml @@ -3,7 +3,7 @@ description: "Setup Gradle" runs: using: "composite" steps: - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 with: java-version: '17' distribution: 'temurin' diff --git a/.github/workflows/_discord-webhook.yml b/.github/workflows/_discord-webhook.yml index e27a682..66cf8a6 100644 --- a/.github/workflows/_discord-webhook.yml +++ b/.github/workflows/_discord-webhook.yml @@ -10,7 +10,7 @@ on: jobs: trigger-workflow: - uses: eclipse-edc/.github/.github/workflows/discord-webhook.yml@main + uses: sovity/core-edc-github/.github/workflows/discord-webhook.yml@0.11.1_2025-03-10_2 with: event_discussion_html_url: ${{ github.event.discussion.html_url }} event_discussion_title: ${{ github.event.discussion.title }} diff --git a/.github/workflows/_first-interaction.yml b/.github/workflows/_first-interaction.yml index b1daff1..3a57b27 100644 --- a/.github/workflows/_first-interaction.yml +++ b/.github/workflows/_first-interaction.yml @@ -8,6 +8,6 @@ on: jobs: trigger-workflow: - uses: eclipse-edc/.github/.github/workflows/first-interaction.yml@main + uses: sovity/core-edc-github/.github/workflows/first-interaction.yml@0.11.1_2025-03-10_2 secrets: envGH: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/_scan-pull-request.yml b/.github/workflows/_scan-pull-request.yml index 5ad1602..3bec6cc 100644 --- a/.github/workflows/_scan-pull-request.yml +++ b/.github/workflows/_scan-pull-request.yml @@ -11,6 +11,6 @@ concurrency: jobs: trigger-workflow: - uses: eclipse-edc/.github/.github/workflows/scan-pull-request.yml@main + uses: sovity/core-edc-github/.github/workflows/scan-pull-request.yml@0.11.1_2025-03-10_2 secrets: envGH: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/_stale-bot.yml b/.github/workflows/_stale-bot.yml index 28f7293..3aa4a1d 100644 --- a/.github/workflows/_stale-bot.yml +++ b/.github/workflows/_stale-bot.yml @@ -7,6 +7,6 @@ on: jobs: trigger-workflow: - uses: eclipse-edc/.github/.github/workflows/stale-bot.yml@main + uses: sovity/core-edc-github/.github/workflows/stale-bot.yml@0.11.1_2025-03-10_2 secrets: envGH: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8a8cd01..6a2fb9d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -18,12 +18,12 @@ jobs: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/setup-build@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1 with: languages: ${{ matrix.language }} queries: +security-and-quality @@ -37,5 +37,5 @@ jobs: run: ./gradlew compileJava --no-daemon - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1 diff --git a/.github/workflows/core-prepare-release.yml b/.github/workflows/core-prepare-release.yml index aed2e15..8b02072 100644 --- a/.github/workflows/core-prepare-release.yml +++ b/.github/workflows/core-prepare-release.yml @@ -15,7 +15,7 @@ jobs: outputs: RELEASE_REF: ${{ steps.commit-changes.outputs.RELEASE_REF }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: set release type shell: bash @@ -28,14 +28,14 @@ jobs: fi echo "type=$type" >> $GITHUB_OUTPUT - - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main + - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2 with: run: strict - name: Replace published DEPENDENCIES file link in NOTICE with the one just created run: sed -i "s#\[DEPENDENCIES\]\(.*\)#\[DEPENDENCIES\]\(DEPENDENCIES\)#g" NOTICE.md - - uses: eclipse-edc/.github/.github/actions/set-project-version@main + - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2 with: version: ${{ inputs.version }}-SNAPSHOT @@ -60,10 +60,10 @@ jobs: needs: [ Prepare-Release ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - - uses: eclipse-edc/.github/.github/actions/bump-version@main + - uses: sovity/core-edc-github/.github/actions/bump-version@0.11.1_2025-03-10_2 with: base_version: ${{ inputs.version }} @@ -73,11 +73,11 @@ jobs: needs: [ Bump-Main-Version ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} @@ -90,11 +90,11 @@ jobs: needs: [ Prepare-Release ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.Prepare-Release.outputs.RELEASE_REF }} - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} diff --git a/.github/workflows/core-release.yml b/.github/workflows/core-release.yml index d6c2254..276ad9a 100644 --- a/.github/workflows/core-release.yml +++ b/.github/workflows/core-release.yml @@ -16,13 +16,13 @@ jobs: VERSION: ${{ steps.set-version.outputs.VERSION }} TAG: ${{ steps.set-tag.outputs.TAG }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - id: set-version run: | VERSION=$(echo ${{ github.ref_name }} | cut -d '/' -f 2) echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - - uses: eclipse-edc/.github/.github/actions/set-project-version@main + - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2 with: version: ${{ steps.set-version.outputs.VERSION }} - shell: bash @@ -42,14 +42,14 @@ jobs: echo "TAG=$TAG" >> $GITHUB_OUTPUT create-github-release: - needs: [ Create-Tag ] + needs: [ create-tag ] runs-on: ubuntu-latest permissions: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create GitHub Release - uses: ncipollo/release-action@v1 + uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0 with: generateReleaseNotes: true tag: ${{ needs.Create-Tag.outputs.TAG }} @@ -58,12 +58,12 @@ jobs: publish-autodoc: if: inputs.publish-autodoc == true - needs: [ Create-Tag ] + needs: [ create-tag ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref_name }} - - uses: eclipse-edc/.github/.github/actions/publish-autodoc@main + - uses: sovity/core-edc-github/.github/actions/publish-autodoc@0.11.1_2025-03-10_2 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/discord-webhook.yml b/.github/workflows/discord-webhook.yml index 63ab100..2975df8 100644 --- a/.github/workflows/discord-webhook.yml +++ b/.github/workflows/discord-webhook.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: New Discussion - uses: tsickert/discord-webhook@v6.0.0 + uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4 # v6.0.0 if: ${{ (inputs.event_name == 'discussion') }} with: webhook-url: ${{ secrets.env_discord }} @@ -59,7 +59,7 @@ jobs: embed-color: 16305330 - name: New Issue - uses: tsickert/discord-webhook@v6.0.0 + uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4 # v6.0.0 if: ${{ (inputs.event_name == 'issues') }} with: webhook-url: ${{ secrets.env_discord }} @@ -73,7 +73,7 @@ jobs: embed-color: 14023876 - name: New Pull Request - uses: tsickert/discord-webhook@v6.0.0 + uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4 # v6.0.0 if: ${{ (inputs.event_name == 'pull_request_target') }} with: webhook-url: ${{ secrets.env_discord }} diff --git a/.github/workflows/first-interaction.yml b/.github/workflows/first-interaction.yml index 7cd283f..9764be2 100644 --- a/.github/workflows/first-interaction.yml +++ b/.github/workflows/first-interaction.yml @@ -10,11 +10,11 @@ jobs: add-comment: runs-on: ubuntu-latest steps: - - uses: actions/first-interaction@v1 + - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0 with: - repo-token: ${{ secrets.envGH }} - issue-message: 'Thanks for your contribution :fire: We will take a look asap :rocket:' - pr-message: >- + repo_token: ${{ secrets.envGH }} + issue_message: 'Thanks for your contribution :fire: We will take a look asap :rocket:' + pr_message: >- We are always happy to welcome new contributors :heart: To make things easier for everyone, please make sure to follow our [contributors manual](https://eclipse-edc.github.io/documentation/for-contributors/), check if you have already signed the [ECA](http://www.eclipse.org/legal/ecafaq.php), and diff --git a/.github/workflows/publish-autodoc.yml b/.github/workflows/publish-autodoc.yml index 79046f2..b10601d 100644 --- a/.github/workflows/publish-autodoc.yml +++ b/.github/workflows/publish-autodoc.yml @@ -12,7 +12,7 @@ jobs: generate-and-deploy-doc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/publish-autodoc@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/publish-autodoc@0.11.1_2025-03-10_2 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish-dependencies.yml b/.github/workflows/publish-dependencies.yml index 90c6546..2d2df76 100644 --- a/.github/workflows/publish-dependencies.yml +++ b/.github/workflows/publish-dependencies.yml @@ -9,8 +9,8 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2 - name: prepare deploy run: | @@ -18,7 +18,7 @@ jobs: mv DEPENDENCIES public/ - name: Deploy to GitHub Pages - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: public @@ -29,7 +29,7 @@ jobs: if: "failure()" runs-on: ubuntu-latest steps: - - uses: sarisia/actions-status-discord@v1 + - uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 with: webhook: ${{ secrets.DISCORD_GITHUB_CI_WEBHOOK }} status: ${{ needs.publish-dependencies.result }} diff --git a/.github/workflows/publish-openapi-ui.yml b/.github/workflows/publish-openapi-ui.yml index 243af13..8ab8d5d 100644 --- a/.github/workflows/publish-openapi-ui.yml +++ b/.github/workflows/publish-openapi-ui.yml @@ -9,11 +9,11 @@ jobs: outputs: api_groups: ${{ steps.outputStep.outputs.matrix }} steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/setup-build@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 - name: Generate API Specs run: ./gradlew resolve - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: openapi-spec path: resources/openapi/yaml @@ -35,9 +35,9 @@ jobs: rootDir: resources/openapi/yaml/${{ matrix.apiGroup }} versionFile: resources/openapi/${{ matrix.apiGroup }}.version steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/setup-build@main - - uses: actions/download-artifact@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: openapi-spec path: resources/openapi/yaml @@ -58,21 +58,21 @@ jobs: ./gradlew -PapiVersion=${{ env.VERSION }} -PapiTitle="${{ matrix.apiGroup }}" -PapiDescription="REST API documentation for the ${{ matrix.apiGroup }}" :mergeApiSpec --input=${{ env.rootDir }} --output=${{ matrix.apiGroup }}.yaml - name: Generate Swagger UI current version - uses: Legion2/swagger-ui-action@v1 + uses: Legion2/swagger-ui-action@eff65dc3f193f0a749872be82f74baa35be0797d # v1.3.0 with: output: swagger-ui/${{ env.VERSION }} spec-file: ${{ matrix.apiGroup }}.yaml GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Generate Swagger UI stable version - uses: Legion2/swagger-ui-action@v1 + uses: Legion2/swagger-ui-action@eff65dc3f193f0a749872be82f74baa35be0797d # v1.3.0 if: ${{ !endsWith( env.VERSION, '-SNAPSHOT') }} with: output: swagger-ui spec-file: ${{ matrix.apiGroup }}.yaml GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: ${{ matrix.apiGroup }} path: swagger-ui @@ -81,12 +81,12 @@ jobs: needs: generate-swagger-ui runs-on: ubuntu-latest steps: - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: openapi pattern: "*-api" - name: Deploy to GitHub Pages - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: . diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml index 30329ec..d98d8d9 100644 --- a/.github/workflows/publish-snapshot.yml +++ b/.github/workflows/publish-snapshot.yml @@ -26,8 +26,8 @@ jobs: if: | needs.secrets-presence.outputs.HAS_OSSRH steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} diff --git a/.github/workflows/scan-pull-request.yml b/.github/workflows/scan-pull-request.yml index d9d742d..bb8837f 100644 --- a/.github/workflows/scan-pull-request.yml +++ b/.github/workflows/scan-pull-request.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest continue-on-error: false steps: - - uses: deepakputhraya/action-pr-title@master + - uses: deepakputhraya/action-pr-title@c21a28d317f15d7d3579e849bb7760502973fb18 # v1.0.1 with: # Match pull request titles conventional commit syntax (https://www.conventionalcommits.org/en/v1.0.0/) # (online tool for regex quick check: https://regex101.com/r/V5J8kh/1) @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-latest continue-on-error: false steps: - - uses: agilepathway/label-checker@v1.6.61 + - uses: agilepathway/label-checker@ef666bf0a4151dc7c92607b467891d890ef74a96 # v1.6.61 with: any_of: api,bug,build,dependencies,documentation,enhancement,no-changelog,refactoring repo_token: ${{ secrets.envGH }} @@ -42,9 +42,9 @@ jobs: runs-on: ubuntu-latest continue-on-error: false steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: 'Check Allowed Licenses' - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 with: fail-on-severity: critical # Representation of this list: https://www.eclipse.org/legal/licenses.php# diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml index 3bea651..e068103 100644 --- a/.github/workflows/stale-bot.yml +++ b/.github/workflows/stale-bot.yml @@ -12,7 +12,7 @@ jobs: permissions: issues: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: operations-per-run: 1000 days-before-issue-stale: 28 @@ -33,7 +33,7 @@ jobs: permissions: issues: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: operations-per-run: 1000 days-before-issue-stale: 28 @@ -54,7 +54,7 @@ jobs: permissions: issues: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: operations-per-run: 1000 days-before-issue-stale: 14 @@ -76,7 +76,7 @@ jobs: permissions: pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: operations-per-run: 1000 days-before-issue-stale: -1 # ignore issues (overwrite default days-before-stale) diff --git a/.github/workflows/technology-nightly.yml b/.github/workflows/technology-nightly.yml index 4921797..2f056e5 100644 --- a/.github/workflows/technology-nightly.yml +++ b/.github/workflows/technology-nightly.yml @@ -13,7 +13,7 @@ jobs: Publish-Artefacts: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - id: get-version run: | if [ -z ${{ inputs.version }} ]; then @@ -21,16 +21,16 @@ jobs: else echo "VERSION=${{ inputs.version }}" >> "$GITHUB_OUTPUT" fi - - uses: eclipse-edc/.github/.github/actions/set-project-version@main + - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2 with: version: ${{ steps.get-version.outputs.VERSION }} - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} osshr-username: ${{ secrets.ORG_OSSRH_USERNAME }} osshr-password: ${{ secrets.ORG_OSSRH_PASSWORD }} - - uses: sarisia/actions-status-discord@v1 + - uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 if: always() with: webhook: ${{ secrets.DISCORD_GITHUB_CI_WEBHOOK }} @@ -41,7 +41,7 @@ jobs: Dependency-Review: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/request-dependencies-review@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/request-dependencies-review@0.11.1_2025-03-10_2 with: gitlab-token: ${{ secrets.GITLAB_API_TOKEN }} diff --git a/.github/workflows/technology-prepare-release.yml b/.github/workflows/technology-prepare-release.yml index 93fd80a..7a2994b 100644 --- a/.github/workflows/technology-prepare-release.yml +++ b/.github/workflows/technology-prepare-release.yml @@ -15,7 +15,7 @@ jobs: outputs: RELEASE_REF: ${{ steps.commit-changes.outputs.RELEASE_REF }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: set release type shell: bash @@ -28,14 +28,14 @@ jobs: fi echo "type=$type" >> $GITHUB_OUTPUT - - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main + - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2 with: run: strict - name: Replace published DEPENDENCIES file link in NOTICE with the one just created run: sed -i "s#\[DEPENDENCIES\]\(.*\)#\[DEPENDENCIES\]\(DEPENDENCIES\)#g" NOTICE.md - - uses: eclipse-edc/.github/.github/actions/set-project-version@main + - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2 with: version: ${{ inputs.version }}-SNAPSHOT @@ -60,10 +60,10 @@ jobs: needs: [ Prepare-Release ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - - uses: eclipse-edc/.github/.github/actions/bump-version@main + - uses: sovity/core-edc-github/.github/actions/bump-version@0.11.1_2025-03-10_2 with: base_version: ${{ inputs.version }} @@ -73,11 +73,11 @@ jobs: needs: [ Bump-Main-Version ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} @@ -90,11 +90,11 @@ jobs: needs: [ Prepare-Release ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.Prepare-Release.outputs.RELEASE_REF }} - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} diff --git a/.github/workflows/technology-release.yml b/.github/workflows/technology-release.yml index 11efa1b..3d572df 100644 --- a/.github/workflows/technology-release.yml +++ b/.github/workflows/technology-release.yml @@ -10,17 +10,17 @@ jobs: outputs: TAG: ${{ steps.set-tag.outputs.TAG }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - id: set-version run: | VERSION=$(echo ${{ github.ref_name }} | cut -d '/' -f 2) echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - - uses: eclipse-edc/.github/.github/actions/set-project-version@main + - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2 with: version: ${{ steps.set-version.outputs.VERSION }} - - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main + - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2 with: gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }} @@ -49,9 +49,9 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create GitHub Release - uses: ncipollo/release-action@v1 + uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0 with: generateReleaseNotes: true tag: ${{ needs.Release.outputs.TAG }} @@ -63,7 +63,7 @@ jobs: if: "always()" runs-on: ubuntu-latest steps: - - uses: sarisia/actions-status-discord@v1 + - uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0 name: "Invoke discord webhook" with: webhook: ${{ secrets.DISCORD_GITHUB_CI_WEBHOOK }} diff --git a/.github/workflows/verify-openapi.yml b/.github/workflows/verify-openapi.yml index 2ab34ae..dec5a69 100644 --- a/.github/workflows/verify-openapi.yml +++ b/.github/workflows/verify-openapi.yml @@ -9,10 +9,10 @@ jobs: outputs: api_groups: ${{ steps.outputStep.outputs.matrix }} steps: - - uses: actions/checkout@v4 - - uses: eclipse-edc/.github/.github/actions/setup-build@main + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 - run: ./gradlew resolve - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: openapi-spec path: resources/openapi/yaml @@ -33,11 +33,11 @@ jobs: env: versionFile: resources/openapi/${{ matrix.apiGroup }}.version steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: eclipse-edc/.github/.github/actions/setup-build@main - - uses: actions/download-artifact@v4 + - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: openapi-spec path: resources/openapi/yaml