chore: pin GitHub actions SHA 0.11.1

.github/actions/generate-dependencies-file/action.yml

@@ -10,7 +10,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: eclipse-edc/.github/.github/actions/setup-build@main
+    - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2
     - name: Download latest Eclipse Dash
       shell: bash
       run: |

.github/actions/publish-autodoc/action.yml

@@ -12,7 +12,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: eclipse-edc/.github/.github/actions/setup-build@main
+    - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2
 
     - name: Override version if input is set
       shell: bash
@@ -51,7 +51,7 @@ runs:
         cp deploy/autodoc/${{ env.VERSION }}/* deploy/autodoc/
 
     - name: Deploy to GitHub Pages
-      uses: peaceiris/actions-gh-pages@v4
+      uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
       with:
         github_token: ${{ inputs.token }}
         publish_dir: deploy

.github/actions/publish-maven-artifacts/action.yml

@@ -21,9 +21,9 @@ inputs:
 runs:
   using: "composite"
   steps:
-  - uses: eclipse-edc/.github/.github/actions/setup-build@main
+  - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2
 
-  - uses: eclipse-edc/.github/.github/actions/import-gpg-key@main
+  - uses: sovity/core-edc-github/.github/actions/import-gpg-key@0.11.1_2025-03-10_2
     with:
       gpg-private-key: ${{ inputs.gpg-private-key }}
 

.github/actions/request-dependencies-review/action.yml

@@ -9,7 +9,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main
+    - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2
     - shell: bash
       run: |
         cat DEPENDENCIES* | grep restricted | sort -u | awk -F ',' '{print $1}' | java -jar dash.jar - -review -project technology.edc -token ${{ inputs.gitlab-token }} || true

.github/actions/setup-build/action.yml

@@ -3,7 +3,7 @@ description: "Setup Gradle"
 runs:
   using: "composite"
   steps:
-    - uses: actions/setup-java@v4
+    - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0
       with:
         java-version: '17'
         distribution: 'temurin'

.github/workflows/_discord-webhook.yml

@@ -10,7 +10,7 @@ on:
 
 jobs:
   trigger-workflow:
-    uses: eclipse-edc/.github/.github/workflows/discord-webhook.yml@main
+    uses: sovity/core-edc-github/.github/workflows/discord-webhook.yml@0.11.1_2025-03-10_2
     with:
       event_discussion_html_url: ${{ github.event.discussion.html_url }}
       event_discussion_title: ${{ github.event.discussion.title }}

.github/workflows/_first-interaction.yml

@@ -8,6 +8,6 @@ on:
 
 jobs:
   trigger-workflow:
-    uses: eclipse-edc/.github/.github/workflows/first-interaction.yml@main
+    uses: sovity/core-edc-github/.github/workflows/first-interaction.yml@0.11.1_2025-03-10_2
     secrets:
       envGH: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/_scan-pull-request.yml

@@ -11,6 +11,6 @@ concurrency:
 
 jobs:
   trigger-workflow:
-    uses: eclipse-edc/.github/.github/workflows/scan-pull-request.yml@main
+    uses: sovity/core-edc-github/.github/workflows/scan-pull-request.yml@0.11.1_2025-03-10_2
     secrets:
       envGH: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/_stale-bot.yml

@@ -7,6 +7,6 @@ on:
 
 jobs:
   trigger-workflow:
-    uses: eclipse-edc/.github/.github/workflows/stale-bot.yml@main
+    uses: sovity/core-edc-github/.github/workflows/stale-bot.yml@0.11.1_2025-03-10_2
     secrets:
       envGH: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -18,12 +18,12 @@ jobs:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/setup-build@main
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
@@ -37,5 +37,5 @@ jobs:
         run: ./gradlew compileJava --no-daemon
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1
 

.github/workflows/core-prepare-release.yml

@@ -15,7 +15,7 @@ jobs:
     outputs:
       RELEASE_REF: ${{ steps.commit-changes.outputs.RELEASE_REF }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: set release type
         shell: bash
@@ -28,14 +28,14 @@ jobs:
           fi
           echo "type=$type" >> $GITHUB_OUTPUT
 
-      - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main
+      - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2
         with:
           run: strict
 
       - name: Replace published DEPENDENCIES file link in NOTICE with the one just created
         run: sed -i "s#\[DEPENDENCIES\]\(.*\)#\[DEPENDENCIES\]\(DEPENDENCIES\)#g" NOTICE.md
 
-      - uses: eclipse-edc/.github/.github/actions/set-project-version@main
+      - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2
         with:
           version: ${{ inputs.version }}-SNAPSHOT
 
@@ -60,10 +60,10 @@ jobs:
     needs: [ Prepare-Release ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: main
-      - uses: eclipse-edc/.github/.github/actions/bump-version@main
+      - uses: sovity/core-edc-github/.github/actions/bump-version@0.11.1_2025-03-10_2
         with:
           base_version: ${{ inputs.version }}
 
@@ -73,11 +73,11 @@ jobs:
     needs: [ Bump-Main-Version ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: main
 
-      - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main
+      - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2
         with:
           gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
           gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}
@@ -90,11 +90,11 @@ jobs:
     needs: [ Prepare-Release ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ needs.Prepare-Release.outputs.RELEASE_REF }}
 
-      - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main
+      - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2
         with:
           gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
           gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}

.github/workflows/core-release.yml

@@ -16,13 +16,13 @@ jobs:
       VERSION: ${{ steps.set-version.outputs.VERSION }}
       TAG: ${{ steps.set-tag.outputs.TAG }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - id: set-version
         run: |
           VERSION=$(echo ${{ github.ref_name }} | cut -d '/' -f 2)
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
 
-      - uses: eclipse-edc/.github/.github/actions/set-project-version@main
+      - uses: sovity/core-edc-github/.github/actions/set-project-version@0.11.1_2025-03-10_2
         with:
           version: ${{ steps.set-version.outputs.VERSION }}
       - shell: bash
@@ -42,14 +42,14 @@ jobs:
           echo "TAG=$TAG" >> $GITHUB_OUTPUT
 
   create-github-release:
-    needs: [ Create-Tag ]
+    needs: [ create-tag ]
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Create GitHub Release
-        uses: ncipollo/release-action@v1
+        uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0
         with:
           generateReleaseNotes: true
           tag: ${{ needs.Create-Tag.outputs.TAG }}
@@ -58,12 +58,12 @@ jobs:
 
   publish-autodoc:
     if: inputs.publish-autodoc == true
-    needs: [ Create-Tag ]
+    needs: [ create-tag ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ github.ref_name }}
-      - uses: eclipse-edc/.github/.github/actions/publish-autodoc@main
+      - uses: sovity/core-edc-github/.github/actions/publish-autodoc@0.11.1_2025-03-10_2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/discord-webhook.yml

@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: New Discussion
-        uses: tsickert/discord-webhook@v6.0.0
+        uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4 # v6.0.0
         if: ${{ (inputs.event_name == 'discussion') }}
         with:
           webhook-url: ${{ secrets.env_discord }}
@@ -59,7 +59,7 @@ jobs:
           embed-color: 16305330
 
       - name: New Issue
-        uses: tsickert/discord-webhook@v6.0.0
+        uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4 # v6.0.0
         if: ${{ (inputs.event_name == 'issues') }}
         with:
           webhook-url: ${{ secrets.env_discord }}
@@ -73,7 +73,7 @@ jobs:
           embed-color: 14023876
 
       - name: New Pull Request
-        uses: tsickert/discord-webhook@v6.0.0
+        uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4 # v6.0.0
         if: ${{ (inputs.event_name == 'pull_request_target') }}
         with:
           webhook-url: ${{ secrets.env_discord }}

.github/workflows/first-interaction.yml

@@ -10,11 +10,11 @@ jobs:
   add-comment:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/first-interaction@v1
+      - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0
         with:
-          repo-token: ${{ secrets.envGH }}
-          issue-message: 'Thanks for your contribution :fire: We will take a look asap :rocket:'
-          pr-message: >-
+          repo_token: ${{ secrets.envGH }}
+          issue_message: 'Thanks for your contribution :fire: We will take a look asap :rocket:'
+          pr_message: >-
             We are always happy to welcome new contributors :heart: To make things easier for everyone, please
             make sure to follow our [contributors manual](https://eclipse-edc.github.io/documentation/for-contributors/),
             check if you have already signed the [ECA](http://www.eclipse.org/legal/ecafaq.php), and

.github/workflows/publish-autodoc.yml

@@ -12,7 +12,7 @@ jobs:
   generate-and-deploy-doc:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/publish-autodoc@main
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: sovity/core-edc-github/.github/actions/publish-autodoc@0.11.1_2025-03-10_2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-dependencies.yml

@@ -9,16 +9,16 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/generate-dependencies-file@main
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: sovity/core-edc-github/.github/actions/generate-dependencies-file@0.11.1_2025-03-10_2
 
       - name: prepare deploy
         run: |
           mkdir public
           mv DEPENDENCIES public/
 
       - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v4
+        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: public
@@ -29,7 +29,7 @@ jobs:
     if: "failure()"
     runs-on: ubuntu-latest
     steps:
-      - uses: sarisia/actions-status-discord@v1
+      - uses: sarisia/actions-status-discord@eb045afee445dc055c18d3d90bd0f244fd062708 # v1.16.0
         with:
           webhook: ${{ secrets.DISCORD_GITHUB_CI_WEBHOOK }}
           status: ${{ needs.publish-dependencies.result }}

.github/workflows/publish-openapi-ui.yml

@@ -9,11 +9,11 @@ jobs:
     outputs:
       api_groups: ${{ steps.outputStep.outputs.matrix }}
     steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/setup-build@main
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2
       - name: Generate API Specs
         run: ./gradlew resolve
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: openapi-spec
           path: resources/openapi/yaml
@@ -35,9 +35,9 @@ jobs:
       rootDir: resources/openapi/yaml/${{ matrix.apiGroup }}
       versionFile: resources/openapi/${{ matrix.apiGroup }}.version
     steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/setup-build@main
-      - uses: actions/download-artifact@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: sovity/core-edc-github/.github/actions/setup-build@0.11.1_2025-03-10_2
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: openapi-spec
           path: resources/openapi/yaml
@@ -58,21 +58,21 @@ jobs:
           ./gradlew -PapiVersion=${{ env.VERSION }} -PapiTitle="${{ matrix.apiGroup }}" -PapiDescription="REST API documentation for the ${{ matrix.apiGroup }}" :mergeApiSpec --input=${{ env.rootDir }} --output=${{ matrix.apiGroup }}.yaml
 
       - name: Generate Swagger UI current version
-        uses: Legion2/swagger-ui-action@v1
+        uses: Legion2/swagger-ui-action@eff65dc3f193f0a749872be82f74baa35be0797d # v1.3.0
         with:
           output: swagger-ui/${{ env.VERSION }}
           spec-file: ${{ matrix.apiGroup }}.yaml
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Generate Swagger UI stable version
-        uses: Legion2/swagger-ui-action@v1
+        uses: Legion2/swagger-ui-action@eff65dc3f193f0a749872be82f74baa35be0797d # v1.3.0
         if: ${{ !endsWith( env.VERSION, '-SNAPSHOT') }}
         with:
           output: swagger-ui
           spec-file: ${{ matrix.apiGroup }}.yaml
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: ${{ matrix.apiGroup }}
           path: swagger-ui
@@ -81,12 +81,12 @@ jobs:
     needs: generate-swagger-ui
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: openapi
           pattern: "*-api"
       - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v4
+        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: .

.github/workflows/publish-snapshot.yml

@@ -26,8 +26,8 @@ jobs:
     if: |
       needs.secrets-presence.outputs.HAS_OSSRH
     steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/publish-maven-artifacts@main
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: sovity/core-edc-github/.github/actions/publish-maven-artifacts@0.11.1_2025-03-10_2
         with:
           gpg-private-key: ${{ secrets.ORG_GPG_PRIVATE_KEY }}
           gpg-passphrase: ${{ secrets.ORG_GPG_PASSPHRASE }}