matrei commented on code in PR #69:
URL:
https://github.com/apache/grails-github-actions/pull/69#discussion_r3007786962
##########
.github/workflows/release.yml:
##########
@@ -53,7 +53,7 @@ jobs:
- name: "📝 Establish release version"
run: echo "VERSION=${TAG#v}" >> "$GITHUB_ENV"
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
Review Comment:
This SHA is for version `v6.0.2`.
https://github.com/actions/checkout/releases/tag/v6.0.2
##########
.github/workflows/rat.yml:
##########
@@ -27,14 +27,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
Review Comment:
This SHA is for version `v6.0.2`.
https://github.com/actions/checkout/releases/tag/v6.0.2
##########
.github/workflows/ci.yml:
##########
@@ -36,14 +36,14 @@ jobs:
- name: "Output Agent IP" # in the event RAO blocks this agent, this can
be used to debug it
run: curl -s https://api.ipify.org
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
Review Comment:
This SHA is for version `v6.0.2`.
https://github.com/actions/checkout/releases/tag/v6.0.2
##########
.github/workflows/rat.yml:
##########
@@ -27,14 +27,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
- name: "☕️ Setup JDK"
- uses: actions/setup-java@v5
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.0.0
with:
distribution: liberica
java-version: 17
- name: "🐘 Setup Gradle"
- uses: gradle/actions/setup-gradle@v5
+ uses:
gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
Review Comment:
There is v5.0.2 version released on Feb 24.
https://github.com/gradle/actions/releases/tag/v5.0.2. There is also v6.0.1 but
there seems to have been some changes to the caching component in v6. I'm not
entirely sure what that change means for us.
##########
.github/workflows/ci.yml:
##########
@@ -36,14 +36,14 @@ jobs:
- name: "Output Agent IP" # in the event RAO blocks this agent, this can
be used to debug it
run: curl -s https://api.ipify.org
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
- name: "☕️ Setup JDK"
- uses: actions/setup-java@v5
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.0.0
Review Comment:
Latest is `v5.2.0`: https://github.com/actions/setup-java/releases/tag/v5.2.0
##########
.github/workflows/release.yml:
##########
@@ -221,7 +221,7 @@ jobs:
- name: "📝 Establish release version"
run: echo "VERSION=${TAG#v}" >> "$GITHUB_ENV"
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
Review Comment:
This SHA is for version `v6.0.2`.
https://github.com/actions/checkout/releases/tag/v6.0.2
##########
.github/workflows/release.yml:
##########
@@ -181,12 +181,12 @@ jobs:
cd dev-repo
svn info "$VERSION" > "DIST_SVN_REVISION.txt"
- name: "📤 Upload the Distribution SVN revision file"
- uses: softprops/action-gh-release@v2
+ uses:
softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.0.0
with:
tag_name: ${{ env.TAG }}
files: dev-repo/DIST_SVN_REVISION.txt
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
Review Comment:
This SHA is for version `v6.0.2`.
https://github.com/actions/checkout/releases/tag/v6.0.2
##########
.github/workflows/rat.yml:
##########
@@ -27,14 +27,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
- name: "☕️ Setup JDK"
- uses: actions/setup-java@v5
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.0.0
Review Comment:
Latest is `v5.2.0`: https://github.com/actions/setup-java/releases/tag/v5.2.0
##########
.github/workflows/release.yml:
##########
@@ -23,18 +23,18 @@ jobs:
- name: "📝 Establish release version"
run: echo "VERSION=${TAG#v}" >> "$GITHUB_ENV"
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
with:
ref: ${{ env.TAG }}
path: ${{ env.REPO_NAME }}
token: ${{ secrets.GITHUB_TOKEN }} # This should not be needed as
${{ github.token }} is the default, but there have been issues with it.
- name: "☕️ Setup JDK"
Review Comment:
Latest is `v5.2.0`: https://github.com/actions/setup-java/releases/tag/v5.2.0
##########
.github/workflows/release.yml:
##########
@@ -23,18 +23,18 @@ jobs:
- name: "📝 Establish release version"
run: echo "VERSION=${TAG#v}" >> "$GITHUB_ENV"
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
with:
ref: ${{ env.TAG }}
path: ${{ env.REPO_NAME }}
token: ${{ secrets.GITHUB_TOKEN }} # This should not be needed as
${{ github.token }} is the default, but there have been issues with it.
- name: "☕️ Setup JDK"
- uses: actions/setup-java@v5
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.0.0
with:
distribution: ${{ env.JAVA_DISTRIBUTION }}
java-version: ${{ env.JAVA_VERSION }}
- name: "🐘 Setup Gradle"
- uses: gradle/actions/setup-gradle@v5
+ uses:
gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
Review Comment:
There is v5.0.2 version released on Feb 24.
https://github.com/gradle/actions/releases/tag/v5.0.2. There is also v6.0.1 but
there seems to have been some changes to the caching component in v6. I'm not
entirely sure what that change means for us.
##########
.github/workflows/release.yml:
##########
@@ -23,18 +23,18 @@ jobs:
- name: "📝 Establish release version"
run: echo "VERSION=${TAG#v}" >> "$GITHUB_ENV"
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
Review Comment:
This SHA is for version `v6.0.2`.
https://github.com/actions/checkout/releases/tag/v6.0.2
##########
.github/workflows/release-notes.yml:
##########
@@ -37,6 +37,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "📝 Update Release Draft"
- uses: release-drafter/release-drafter@v6
+ uses:
release-drafter/release-drafter@67e173cadb2fbd3de94f4a861e0c48c913b462ae #
v6.0.0
Review Comment:
Latest is `v7.1.1`:
https://github.com/release-drafter/release-drafter/releases/tag/v7.1.1
##########
.github/workflows/ci.yml:
##########
@@ -36,14 +36,14 @@ jobs:
- name: "Output Agent IP" # in the event RAO blocks this agent, this can
be used to debug it
run: curl -s https://api.ipify.org
- name: "📥 Checkout repository"
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #
v6.0.0
- name: "☕️ Setup JDK"
- uses: actions/setup-java@v5
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 #
v5.0.0
with:
distribution: liberica
java-version: ${{ matrix.java }}
- name: "🐘 Setup Gradle"
- uses: gradle/actions/setup-gradle@v5
+ uses:
gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
Review Comment:
There is `v5.0.2` version released on Feb 24.
https://github.com/gradle/actions/releases/tag/v5.0.2. There is also `v6.0.1`
but there seems to have been some changes to the caching component in `v6`. I'm
not entirely sure what that change means for us.
##########
.github/workflows/release.yml:
##########
@@ -103,7 +103,7 @@ jobs:
> "apache-${REPO_NAME}-${VERSION}-src.zip.sha512"
cat "./apache-${REPO_NAME}-${VERSION}-src.zip.sha512"
- name: "🚀 Upload ZIP and Signature to GitHub Release"
- uses: softprops/action-gh-release@v2
+ uses:
softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.0.0
Review Comment:
Latest is `v2.6.1`:
https://github.com/softprops/action-gh-release/releases/tag/v2.6.1
##########
.github/workflows/release.yml:
##########
@@ -181,12 +181,12 @@ jobs:
cd dev-repo
svn info "$VERSION" > "DIST_SVN_REVISION.txt"
- name: "📤 Upload the Distribution SVN revision file"
- uses: softprops/action-gh-release@v2
+ uses:
softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.0.0
Review Comment:
Latest is `v2.6.1`:
https://github.com/softprops/action-gh-release/releases/tag/v2.6.1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
