Pin versions and apply many changes

.github/workflows/comment-pr.yml

@@ -20,13 +20,13 @@ jobs:
       ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     timeout-minutes: 10
     steps:
-      - uses: actions/a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{github.event.workflow_run.head_branch}}
           repository: ${{github.event.workflow_run.head_repository.full_name}}
 
-      # Download the patch
-      - uses: actions/download-artifact@v4
+      - name: Download the patch.
+        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
         with:
           name: patch
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -36,8 +36,8 @@ jobs:
           git apply git-diff.patch --allow-empty
           rm git-diff.patch
 
-      # Download the PR number
-      - uses: actions/download-artifact@v4
+      - name: Download the PR number.
+        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
         with:
           name: pr_number
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -48,8 +48,8 @@ jobs:
           echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
           rm pr_number.txt
 
-      # Post suggestions as a comment on the PR
-      - uses: googleapis/code-suggester@v4
+      - name: Post suggestions as a comment on the PR.
+        uses: googleapis/code-suggester@589b3ac11ac2575fd561afa45034907f301a375b # v3.4.4
         with:
           command: review
           pull_number: ${{ env.PR_NUMBER }}

.github/workflows/pitest-update-pr.yml

@@ -37,7 +37,7 @@ jobs:
           java-distribution: temurin
           maven-version: 3.9.9
       - name: Download Pitest analysis artifact
-        uses: dawidd6/action-download-artifact@`09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4`
+        uses: dawidd6/action-download-artifact@`09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
         with:
           workflow: ${{ github.event.workflow_run.workflow_id }}
           name: pitest-reports

.github/workflows/receive-pr.yml

@@ -19,7 +19,8 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4
+      - name: Name.
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -30,26 +31,25 @@ jobs:
           java-distribution: temurin
           maven-version: 3.9.9
 
-      # Capture the PR number
       # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
-      - name: Create pr_number.txt
+      - name: Capture the PR number.
         run: echo "${{ github.event.number }}" > pr_number.txt
-      - uses: actions/upload-artifact@v4
+      - name: Upload `pr_number.txt`.
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: pr_number
           path: pr_number.txt
       - name: Remove pr_number.txt
         run: rm -f pr_number.txt
 
-      # Execute Error Prone
-      - name: Run Error Prone
-        run: mvn -T1C verify -Perror-prone-fork -Pnon-maven-central -Pself-check -s settings.xml
+      - name: Run Error Prone and Error Prone Support.
+        run: ./apply-error-prone-suggestions.sh
 
-      # Capture the diff
-      - name: Create patch
+      - name: Capture the diff and create the patch.
         run: |
           git diff | tee git-diff.patch
-      - uses: actions/upload-artifact@v4
+      - name: Upload the diff.
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: patch
           path: git-diff.patch