diff --git a/.github/workflows/auto-update-otel-sdk.yml b/.github/workflows/auto-update-otel-sdk.yml index 923bbf6485ee..a976f0510555 100644 --- a/.github/workflows/auto-update-otel-sdk.yml +++ b/.github/workflows/auto-update-otel-sdk.yml @@ -66,7 +66,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/build-common.yml b/.github/workflows/build-common.yml index b191ad963056..eb247a69eb34 100644 --- a/.github/workflows/build-common.yml +++ b/.github/workflows/build-common.yml @@ -32,7 +32,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -65,7 +65,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -134,7 +134,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -171,7 +171,7 @@ jobs: fi - name: Upload agent jar - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: opentelemetry-javaagent.jar path: javaagent/build/libs/opentelemetry-javaagent-*-SNAPSHOT.jar @@ -182,7 +182,7 @@ jobs: mkdir sboms cp javaagent/build/spdx/*.spdx.json sboms - - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 name: Upload SBOMs with: name: opentelemetry-java-instrumentation-SBOM.zip @@ -220,14 +220,14 @@ jobs: - id: setup-test-java name: Set up JDK ${{ matrix.test-java-version }}-${{ matrix.vm }} for running tests - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: # using zulu because new releases get published quickly distribution: ${{ matrix.vm == 'hotspot' && 'zulu' || 'adopt-openj9'}} java-version: ${{ matrix.test-java-version }} - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -291,7 +291,7 @@ jobs: - name: Upload deadlock detector artifacts if any if: failure() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: deadlock-detector-test-${{ matrix.test-java-version }}-${{ matrix.vm }}-${{ matrix.test-partition }} path: /tmp/deadlock-detector-* @@ -299,7 +299,7 @@ jobs: - name: Upload jvm crash dump files if any if: failure() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: javacore-test-${{ matrix.test-java-version }}-${{ matrix.test-partition }} path: | @@ -342,7 +342,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -368,7 +368,7 @@ jobs: - name: Upload jvm crash dump files if any if: failure() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: javacore-smoke-test-${{ matrix.smoke-test-suite }}-${{ matrix.os }} # we expect crash dumps either in root director or in smoke-tests @@ -395,7 +395,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -418,7 +418,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0cb7a150e567..9c392c8f0def 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,7 +67,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml index 1cc9e8de713a..5996bae4c834 100644 --- a/.github/workflows/codeql-daily.yml +++ b/.github/workflows/codeql-daily.yml @@ -24,13 +24,13 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up Java 17 - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: languages: java # using "latest" helps to keep up with the latest Kotlin support @@ -45,7 +45,7 @@ jobs: run: ./gradlew assemble -x javadoc --no-build-cache --no-daemon - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 workflow-notification: needs: diff --git a/.github/workflows/owasp-dependency-check-daily.yml b/.github/workflows/owasp-dependency-check-daily.yml index 349589486d71..d29daf05ef06 100644 --- a/.github/workflows/owasp-dependency-check-daily.yml +++ b/.github/workflows/owasp-dependency-check-daily.yml @@ -19,7 +19,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -36,7 +36,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: path: javaagent/build/reports diff --git a/.github/workflows/pr-smoke-test-early-jdk8-images.yml b/.github/workflows/pr-smoke-test-early-jdk8-images.yml index 964ea89b0af9..558fe803bed6 100644 --- a/.github/workflows/pr-smoke-test-early-jdk8-images.yml +++ b/.github/workflows/pr-smoke-test-early-jdk8-images.yml @@ -19,7 +19,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/pr-smoke-test-fake-backend-images.yml b/.github/workflows/pr-smoke-test-fake-backend-images.yml index 09140f4c0c6c..88db1c27a99b 100644 --- a/.github/workflows/pr-smoke-test-fake-backend-images.yml +++ b/.github/workflows/pr-smoke-test-fake-backend-images.yml @@ -19,7 +19,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -46,7 +46,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/publish-smoke-test-servlet-images.yml b/.github/workflows/publish-smoke-test-servlet-images.yml index 87cf89380ce3..1ee1a7070e08 100644 --- a/.github/workflows/publish-smoke-test-servlet-images.yml +++ b/.github/workflows/publish-smoke-test-servlet-images.yml @@ -54,7 +54,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b04201f912b4..16d7615260b5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -80,7 +80,7 @@ jobs: - name: Free disk space run: .github/scripts/gha-free-disk-space.sh - - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + - uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -114,7 +114,7 @@ jobs: cp javaagent/build/spdx/*.spdx.json sboms zip opentelemetry-java-instrumentation-SBOM.zip sboms/* - - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 name: Upload SBOMs with: name: opentelemetry-java-instrumentation-SBOM diff --git a/.github/workflows/reusable-muzzle.yml b/.github/workflows/reusable-muzzle.yml index 74968817d7b3..8b29f8b98c49 100644 --- a/.github/workflows/reusable-muzzle.yml +++ b/.github/workflows/reusable-muzzle.yml @@ -28,7 +28,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/reusable-native-tests.yml b/.github/workflows/reusable-native-tests.yml index 1d11ff9807a4..09ea5ce2312c 100644 --- a/.github/workflows/reusable-native-tests.yml +++ b/.github/workflows/reusable-native-tests.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: read-java run: echo "version=$(cat .java-version)" >> "$GITHUB_OUTPUT" - - uses: graalvm/setup-graalvm@2911b2304bee2c2f59b9a67bf45f025a6b6de4b1 # v1.2.2.1 + - uses: graalvm/setup-graalvm@22cc13fe88ef133134b3798e128fb208df55e1f5 # v1.2.3.1 with: version: "latest" java-version: "${{ steps.read-java.outputs.version }}" diff --git a/.github/workflows/reusable-smoke-test-images.yml b/.github/workflows/reusable-smoke-test-images.yml index b70dca41c9b8..3930b5b974f5 100644 --- a/.github/workflows/reusable-smoke-test-images.yml +++ b/.github/workflows/reusable-smoke-test-images.yml @@ -44,7 +44,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/reusable-test-indy.yml b/.github/workflows/reusable-test-indy.yml index 5350c43d5393..8897678ca4fc 100644 --- a/.github/workflows/reusable-test-indy.yml +++ b/.github/workflows/reusable-test-indy.yml @@ -35,7 +35,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version diff --git a/.github/workflows/reusable-test-latest-deps.yml b/.github/workflows/reusable-test-latest-deps.yml index 1f6775f3e3ef..911daec25db3 100644 --- a/.github/workflows/reusable-test-latest-deps.yml +++ b/.github/workflows/reusable-test-latest-deps.yml @@ -35,7 +35,7 @@ jobs: run: .github/scripts/gha-free-disk-space.sh - name: Set up JDK for running Gradle - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: temurin java-version-file: .java-version @@ -90,7 +90,7 @@ jobs: - name: Upload deadlock detector artifacts if any if: failure() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: deadlock-detector-test-latest-${{ matrix.test-java-version }}-${{ matrix.vm }}-${{ matrix.test-partition }} path: /tmp/deadlock-detector-* @@ -98,7 +98,7 @@ jobs: - name: Upload jvm crash dump files if any if: failure() - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: javacore-test-latest-${{ matrix.test-java-version }}-${{ matrix.test-partition }} path: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 024807fd1f65..9644ee8d786d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -56,7 +56,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif @@ -64,6 +64,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif