Pin GH actions to SHA to avoid mutable refs (#2126)

This commit is contained in:
Alexander Brandes 2023-03-06 13:51:53 +01:00 committed by GitHub
parent 7152fd2032
commit 94f57799d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 21 additions and 36 deletions

View File

@ -4,7 +4,6 @@ on:
workflows: ["Upload release assets"]
types:
- completed
jobs:
send_announcement:
runs-on: ubuntu-latest
@ -14,7 +13,7 @@ jobs:
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
DISCORD_USERNAME: FastAsyncWorldEdit Release
DISCORD_AVATAR: https://raw.githubusercontent.com/IntellectualSites/Assets/main/plugins/FastAsyncWorldEdit/FastAsyncWorldEdit.png
uses: Ilshidur/action-discord@0.3.2
uses: Ilshidur/action-discord@0c4b27844ba47cb1c7bee539c8eead5284ce9fa9 # ratchet:Ilshidur/action-discord@0.3.2
with:
args: |
"<@&525015715300900875> <@&706463154804097105> <@&671372968462516240>"

View File

@ -1,7 +1,5 @@
name: Build PR
on: [pull_request]
jobs:
build_pr:
if: github.repository_owner == 'IntellectualSites'
@ -13,7 +11,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Validate Gradle Wrapper
uses: gradle/wrapper-validation-action@v1
uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1
- name: Setup Java
uses: actions/setup-java@v3
with:

View File

@ -1,5 +1,4 @@
name: Build
on:
push:
branches:
@ -12,7 +11,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Validate Gradle Wrapper
uses : gradle/wrapper-validation-action@v1
uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1
- name: Setup Java
uses: actions/setup-java@v3
with:
@ -45,7 +44,7 @@ jobs:
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
- name: Publish core javadoc
if: ${{ runner.os == 'Linux' && env.STATUS == 'release' && github.event_name == 'push' && github.ref == 'refs/heads/main'}}
uses: cpina/github-action-push-to-another-repository@main
uses: cpina/github-action-push-to-another-repository@0a14457bb28b04dfa1652e0ffdfda866d2845c73 # main
env:
SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
with:
@ -57,7 +56,7 @@ jobs:
target-directory: worldedit-core
- name: Publish bukkit javadoc
if: ${{ runner.os == 'Linux' && env.STATUS == 'release' && github.event_name == 'push' && github.ref == 'refs/heads/main'}}
uses: cpina/github-action-push-to-another-repository@main
uses: cpina/github-action-push-to-another-repository@0a14457bb28b04dfa1652e0ffdfda866d2845c73 # main
env:
SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
with:
@ -79,7 +78,7 @@ jobs:
MODRINTH_TOKEN: ${{ secrets.MODRINTH_TOKEN }}
- name: Publish to CurseForge
if: ${{ runner.os == 'Linux' && env.STATUS == 'release' && github.event_name == 'push' && github.ref == 'refs/heads/main'}}
uses: itsmeow/curseforge-upload@v3
uses: itsmeow/curseforge-upload@13f278adc4cc7b881555f87e6ea528387dd6492b # v3
with:
file_path: worldedit-bukkit/build/libs/FastAsyncWorldEdit-Bukkit-${{ env.VERSION }}.jar
# https://minecraft.curseforge.com/api/game/versions?token=redacted

View File

@ -1,10 +1,8 @@
name: "CodeQL"
on:
pull_request:
# The branches below must be a subset of the branches above
branches: [main]
jobs:
analyze:
name: Analyze
@ -13,23 +11,18 @@ jobs:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['java']
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2

View File

@ -1,5 +1,4 @@
name: draft release
on:
push:
branches:
@ -8,7 +7,6 @@ on:
types: [opened, reopened, synchronize]
pull_request_target:
types: [opened, reopened, synchronize]
jobs:
update_release_draft:
if: ${{ github.event_name != 'pull_request' || github.repository != github.event.pull_request.head.repo.full_name }}

View File

@ -1,9 +1,7 @@
name: Upload release assets
on:
release:
types: [published]
jobs:
upload_asset:
runs-on: ubuntu-latest
@ -11,7 +9,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Validate Gradle Wrapper
uses : gradle/wrapper-validation-action@v1
uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1
- name: Setup Java
uses: actions/setup-java@v3
with:
@ -21,7 +19,7 @@ jobs:
- name: Clean Build
run: ./gradlew clean build --no-daemon
- name: Upload Release Assets
uses: AButler/upload-release-assets@v2.0
uses: AButler/upload-release-assets@ec6d3263266dc57eb6645b5f75e827987f7c217d # ratchet:AButler/upload-release-assets@v2.0
with:
files: 'worldedit-bukkit/build/libs/FastAsyncWorldEdit-Bukkit-*.jar'
repo-token: ${{ secrets.GITHUB_TOKEN }}