From 4d7130614bb4b1f78a1e500e776c3560a657526e Mon Sep 17 00:00:00 2001
From: Pedro Kaj Kjellerup Nacht
Date: Thu, 16 Nov 2023 22:25:59 +0000
Subject: [PATCH] ICU-22482 Hash-pin GHA, add dependabot to keep them updated
Signed-off-by: Pedro Kaj Kjellerup Nacht
Use latest version, uses a version >= 2.0.6 to overcome invalid key bug
---
.github/dependabot.yml | 15 ++++++
.github/workflows/cache_retain.yml | 6 +--
.github/workflows/icu4c.yml | 54 ++++++++++-----------
.github/workflows/icu_envtest.yml | 4 +-
.github/workflows/icu_merge_ci.yml | 68 +++++++++++++--------------
.github/workflows/icu_valgrind.yml | 4 +-
.github/workflows/jekyll-gh-pages.yml | 10 ++--
.github/workflows/maven.yaml | 4 +-
.github/workflows/scorecard.yml | 8 ++--
9 files changed, 94 insertions(+), 79 deletions(-)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..322a2b6ea8f9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
diff --git a/.github/workflows/cache_retain.yml b/.github/workflows/cache_retain.yml
index 1931ca309c2c..45d70d82bb11 100644
--- a/.github/workflows/cache_retain.yml
+++ b/.github/workflows/cache_retain.yml
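Review bot: In `.github/dependabot.yml`, `interval: "monthly"` together with the catch-all `github-actions` group becomes the only automated route by which fixes reach these workflows once every action is pinned to a commit hash. GitHub's documentation says Dependabot alerts are raised only for actions referenced by semantic version, not by SHA, so as far as this file shows a vulnerable pinned action would go unflagged until the next monthly run. I would shorten that window with `interval: "weekly"` and add a comment above `groups:` such as `# one grouped PR per run; check each bumped SHA against its upstream release tag before merging`.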
@@ -38,17 +38,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '11' - name: Restore read-only cache of local Maven repository - uses: actions/cache/restore@v3 + uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 id: cache with: path: ~/.m2/repository diff --git a/.github/workflows/icu4c.yml b/.github/workflows/icu4c.yml index 77e8655a1f39..a2a13200c148 100644 --- a/.github/workflows/icu4c.yml +++ b/.github/workflows/icu4c.yml @@ -31,7 +31,7 @@ jobs: icu4c-docs-build: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C doc run: | @@ -54,7 +54,7 @@ jobs: gcc-debug-build-and-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with gcc env: @@ -77,7 +77,7 @@ jobs: clang-release-build-and-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install doxygen run: | @@ -119,7 +119,7 @@ jobs: # --disable-shared has a build problem. runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build ICU4C with clang run: | @@ -135,7 +135,7 @@ jobs: gcc-10-stdlib17: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with gcc 10 and c++17 and extra warnings. env: 
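Review bot: The `actions/checkout` lines in this `cache_retain.yml` hunk go from `v3` to a v4.1.1 pin, and the `-119,7` hunk in `icu4c.yml` goes from `v2`, so the patch is a major-version upgrade as well as a hash-pin. The subject names only the pinning, and the description should state the upgrade so it gets reviewed as one. Nothing visible here ties a 40-character hash to the release named in its trailing comment, and the runner ignores that comment. Each pin should therefore be checked against the tag in the action's own repository before merge, since GitHub's hardening guidance warns that a SHA should come from the action's repository and not from a fork. The same check applies to every `uses:` line in the later hunks of this patch.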
@@ -156,7 +156,7 @@ jobs: clang-asan: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with clang and asan run: | @@ -170,7 +170,7 @@ jobs: clang-ubsan: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with clang and ubsan +alignment run: | @@ -185,7 +185,7 @@ jobs: clang-cfi: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with clang using CFI run: | @@ -204,7 +204,7 @@ jobs: clang-tsan: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with clang and tsan run: | @@ -222,7 +222,7 @@ jobs: macos-clang: runs-on: macos-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C with clang on MacOS run: | @@ -234,7 +234,7 @@ jobs: run-with-stubdata: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C tests with stubdata run: | @@ -277,7 +277,7 @@ jobs: u-charset-is-utf8-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | cd icu4c/source; ./runConfigureICU Linux CPPFLAGS="-DU_CHARSET_IS_UTF8=1"; @@ -287,7 +287,7 @@ jobs: u-override-cxx-allocation-is-0-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | cd icu4c/source; ./runConfigureICU Linux CPPFLAGS="-DU_OVERRIDE_CXX_ALLOCATION=0"; 
@@ -298,7 +298,7 @@ jobs: lstm-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | cd icu4c/source; ICU_DATA_FILTER_FILE=../../.github/lstm_for_th_my.json ./runConfigureICU --enable-debug --disable-release Linux -disable-layoutex; @@ -309,7 +309,7 @@ jobs: adaboost-test: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | cd icu4c/source; ICU_DATA_FILTER_FILE=../../.github/adaboost.json CPPFLAGS=-DUCONFIG_USE_ML_PHRASE_BREAKING=1 ./runConfigureICU --enable-debug --disable-release Linux -disable-layoutex; @@ -320,7 +320,7 @@ jobs: testmap: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | cd icu4c/source; ./runConfigureICU Linux; @@ -333,21 +333,21 @@ jobs: copyright-scan: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: perl tools/scripts/cpysearch/cpyscan.pl # Check compilation of internal headers. internal-header-compilation: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: cd icu4c/source; test/hdrtst/testinternalheaders.sh # Check source files for valid UTF-8 and for absence of BOM. valid-UTF-8-and-no-BOM-check: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: tools/scripts/icu-file-utf8-check.py # Run unit tests with UCONFIG_NO_XXX variations. 
@@ -375,7 +375,7 @@ jobs: - "-DUCONFIG_NO_LEGACY_CONVERSION=1 -DUCONFIG_NO_NORMALIZATION=1 -DUCONFIG_NO_BREAK_ITERATION=1 -DUCONFIG_NO_IDNA=1 -DUCONFIG_NO_COLLATION=1 -DUCONFIG_NO_FORMATTING=1 -DUCONFIG_NO_TRANSLITERATION=1 -DUCONFIG_NO_REGULAR_EXPRESSIONS=1 -DUCONFIG_NO_SERVICE=1 -DUCONFIG_NO_FILTERED_BREAK_ITERATION=1" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Verify no additional new UCONFIG_NO_xxx added run: | # Test that we have exactly 12 "#ifndef UCONFIG_NO_" in uconfig.h. If the number changes, we need to also @@ -421,7 +421,7 @@ jobs: - "-DUCONFIG_NO_LEGACY_CONVERSION=1 -DUCONFIG_NO_NORMALIZATION=1 -DUCONFIG_NO_BREAK_ITERATION=1 -DUCONFIG_NO_IDNA=1 -DUCONFIG_NO_COLLATION=1 -DUCONFIG_NO_FORMATTING=1 -DUCONFIG_NO_TRANSLITERATION=1 -DUCONFIG_NO_REGULAR_EXPRESSIONS=1 -DUCONFIG_NO_SERVICE=1 -DUCONFIG_NO_FILTERED_BREAK_ITERATION=1" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Verify no additional new UCONFIG_NO_xxx added run: | # Test that we have exactly 12 "#ifndef UCONFIG_NO_" in uconfig.h. If the number changes, we need to also @@ -450,14 +450,14 @@ jobs: unicode-update-tools: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 - - uses: bazelbuild/setup-bazelisk@v2 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0 - name: Get CI Linux runner VM version id: linux-version run: | echo "LINUX_VERSION=$(grep -F VERSION_ID /etc/os-release | cut -d'"' -f2)" >> $GITHUB_OUTPUT - name: Mount bazel cache - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: "~/.cache/bazel" key: bazel-${{ runner.os }}-${{ steps.linux-version.outputs.LINUX_VERSION }} 
@@ -489,7 +489,7 @@ jobs: icu4c-test-samples: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: ICU4C configure and build run: | @@ -514,7 +514,7 @@ jobs: icu4c-without-collation-rule-strings: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install hjson dependency run: | sudo apt-get install python3-pip @@ -554,7 +554,7 @@ jobs: icu4c-uconfig-no-conversion: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set UCONFIG_NO_CONVERSION and configure ICU4C env: UCONFIG_NO_CONVERSION: 1 diff --git a/.github/workflows/icu_envtest.yml b/.github/workflows/icu_envtest.yml index 4b6a9c56e405..198fd49968d9 100644 --- a/.github/workflows/icu_envtest.yml +++ b/.github/workflows/icu_envtest.yml @@ -43,7 +43,7 @@ jobs: run: | locale -a; - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build run: | cd icu4c/source/; @@ -102,7 +102,7 @@ jobs: find /usr/share/zoneinfo/ -type f,l|egrep -v "/(right|posix)/"|egrep -v "\.tab"|wc -l; find /usr/share/zoneinfo/ -type f,l|egrep -v "/(right|posix)/"|egrep -v "\.tab"|cut -d '/' -f5-50; - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build run: | cd icu4c/source/; diff --git a/.github/workflows/icu_merge_ci.yml b/.github/workflows/icu_merge_ci.yml index 4235730cdbf6..9ff860f3b1da 100644 --- a/.github/workflows/icu_merge_ci.yml +++ b/.github/workflows/icu_merge_ci.yml 
@@ -32,17 +32,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' @@ -58,20 +58,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '11' @@ -92,7 +92,7 @@ jobs: if: github.repository == 'unicode-org/icu' && github.ref == 'refs/heads/main' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build ICU libraries run: | @@ -102,7 +102,7 @@ jobs: cd lib; cp -Ps ../tools/ctestfw/libicutest* . - name: Upload ICU libraries - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: icu-perf-libs path: icu4c/source/lib 
@@ -133,11 +133,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Create directory for lib files run: mkdir icu4c/source/perflib - name: Get ICU libs - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: icu-perf-libs path: icu4c/source/lib @@ -207,11 +207,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Create directory for lib files run: mkdir icu4c/source/perflib - name: Get ICU libs - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: icu-perf-libs path: icu4c/source/lib @@ -272,11 +272,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Create directory for lib files run: mkdir icu4c/source/perflib - name: Get ICU libs - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: icu-perf-libs path: icu4c/source/lib @@ -322,20 +322,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' 
@@ -384,20 +384,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' @@ -448,20 +448,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' 
@@ -517,20 +517,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' @@ -656,20 +656,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' 
@@ -739,20 +739,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout and setup - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - name: Checkout lfs objects run: git lfs pull - name: Lookup read-only cache of local Maven repository - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- lookup-only: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '8' @@ -802,7 +802,7 @@ jobs: needs: [icu4c-performance-tests, icu4c-performance-tests-with-files, icu4c-strsrchperf, icu4j-unicodesetperf, icu4j-ucharacterperf, icu4j-decimalformatperf, icu4j-normperf, icu4j-converterperf, icu4j-dateformatperf] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Switch to benchmark data storage branch. run: | @@ -810,7 +810,7 @@ jobs: git checkout perfdata - name: Publish data - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3 with: deploy_key: ${{ secrets.ACTIONS_DEPLOY_KEY }} external_repository: unicode-org/icu-perf diff --git a/.github/workflows/icu_valgrind.yml b/.github/workflows/icu_valgrind.yml index ab62f36d680c..c57004b0c026 100644 --- a/.github/workflows/icu_valgrind.yml +++ b/.github/workflows/icu_valgrind.yml @@ -33,7 +33,7 @@ jobs: sudo apt-get -y update; sudo apt-get install -y valgrind; - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build with debug enable env: CC: clang 
@@ -78,7 +78,7 @@ jobs: sudo apt-get -y update; sudo apt-get install -y valgrind; - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build with debug enable env: CC: clang diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml index 40948e996582..8333cf13c700 100644 --- a/.github/workflows/jekyll-gh-pages.yml +++ b/.github/workflows/jekyll-gh-pages.yml @@ -37,16 +37,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0 with: ruby-version: '2.7.4' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically cache-version: 0 # Increment this number if you need to re-download cached gems - name: Setup Pages id: pages - uses: actions/configure-pages@v3 + uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3.0.6 with: generator_config_file: docs/_config.yml - name: Build with Jekyll @@ -59,7 +59,7 @@ jobs: env: JEKYLL_ENV: production - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@a753861a5debcf57bf8b404356158c8e1e33150c # v2.0.0 with: path: docs/_site @@ -76,4 +76,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v2 + uses: actions/deploy-pages@9dbe3824824f8a1377b8e298bafde1a50ede43e5 # v2.0.4 diff --git a/.github/workflows/maven.yaml b/.github/workflows/maven.yaml index bfcb5fed2947..d926b68c3453 100644 --- a/.github/workflows/maven.yaml +++ b/.github/workflows/maven.yaml 
@@ -18,10 +18,10 @@ jobs: permissions: packages: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true - - uses: actions/setup-java@v3 + - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: '11' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b0bdaef3c3db..b568936793dc 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -29,12 +29,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v3.5.3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@v2.2.0 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v2.20.1 + uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: sarif_file: results.sarif
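Review bot: In the `maven.yaml` hunk the job is granted `packages: write`, yet the pinned `actions/checkout` step keeps its default of persisting the job token in the local git configuration, where later build steps can read it. The `scorecard.yml` hunk in this same patch already sets `persist-credentials: false`. Unless a later step of this job needs authenticated git access, add the same line under `with:` here, next to `lfs: true`: `persist-credentials: false`. The job's remaining steps lie outside the hunk, so confirm that the publish step authenticates through its own Maven settings and not through git.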