diff --git a/.github/workflows/qa-deprecated-c-cpp.yml b/.github/workflows/qa-deprecated-c-cpp.yml index f4c39de..0386157 100644 --- a/.github/workflows/qa-deprecated-c-cpp.yml +++ b/.github/workflows/qa-deprecated-c-cpp.yml @@ -34,7 +34,7 @@ jobs: exit 1 fi - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis diff --git a/.github/workflows/qa-install-build-wrapper.yml b/.github/workflows/qa-install-build-wrapper.yml index 28fdb3d..4d8afec 100644 --- a/.github/workflows/qa-install-build-wrapper.yml +++ b/.github/workflows/qa-install-build-wrapper.yml @@ -34,7 +34,7 @@ jobs: exit 1 fi - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis diff --git a/.github/workflows/qa-main.yml b/.github/workflows/qa-main.yml index 48ab66c..e38f2e9 100644 --- a/.github/workflows/qa-main.yml +++ b/.github/workflows/qa-main.yml @@ -17,7 +17,7 @@ jobs: os: [github-ubuntu-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action without args @@ -37,7 +37,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with args @@ -66,7 +66,7 @@ jobs: ] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with args @@ -93,7 +93,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with args @@ -121,7 +121,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with args @@ -148,7 +148,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with args @@ -178,7 +178,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - run: mkdir -p ./baseDir @@ -198,7 +198,7 @@ jobs: 'scannerVersion' input runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with scannerVersion @@ -222,7 +222,7 @@ jobs: 'scannerBinariesUrl' input with invalid URL runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with scannerBinariesUrl @@ -250,7 +250,7 @@ jobs: 'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with scannerBinariesUrl @@ -271,7 +271,7 @@ jobs: 'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Remove wget @@ -300,7 +300,7 @@ jobs: Don't fail on Gradle project runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action on Gradle project @@ -321,7 +321,7 @@ jobs: Don't fail on Kotlin Gradle project runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action on Kotlin Gradle project @@ -342,7 +342,7 @@ jobs: Don't fail on Maven project runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action on Maven project @@ -375,7 +375,7 @@ jobs: --health-timeout 5s --health-retries 10 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action on sample project @@ -398,7 +398,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with debug mode @@ -429,11 +429,11 @@ jobs: --health-timeout 5s --health-retries 10 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: SonarQube Cache - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ github.workspace }}/.sonar/cache key: ${{ runner.os }}-${{ runner.arch }}-sonar @@ -458,7 +458,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with SONARCLOUD_URL @@ -477,7 +477,7 @@ jobs: curl performs redirect when scannerBinariesUrl returns 3xx runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Remove wget @@ -521,7 +521,7 @@ jobs: os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with SSL certificate @@ -572,7 +572,7 @@ jobs: Analysis takes into account 'SONAR_ROOT_CERT' runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Generate server certificate @@ -680,7 +680,7 @@ jobs: truststore.p12 is updated when present runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Create SONAR_SSL_FOLDER with a file in it (not-truststore.p12) @@ -809,7 +809,7 @@ jobs: 'scannerVersion' input validation runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run action with invalid scannerVersion diff --git a/.github/workflows/qa-scripts.yml b/.github/workflows/qa-scripts.yml index 05234cb..b27fdcb 100644 --- a/.github/workflows/qa-scripts.yml +++ b/.github/workflows/qa-scripts.yml @@ -12,7 +12,7 @@ jobs: name: create_install_path.sh runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis @@ -123,7 +123,7 @@ jobs: SONAR_SCANNER_URL_MACOSX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip' SONAR_SCANNER_SHA_MACOSX_AARCH64: 'DOWNLOAD-SHA-MACOSX-AARCH64' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis @@ -252,7 +252,7 @@ jobs: name: download.sh runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis @@ -321,7 +321,7 @@ jobs: name: fetch_latest_version.sh runs-on: github-ubuntu-latest-s steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Test script diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 5ed001e..8c75dbe 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -13,10 +13,10 @@ jobs: contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #v6.3.0 with: node-version: "24" cache: "npm" diff --git a/.github/workflows/update-tags.yml b/.github/workflows/update-tags.yml index 0b6d090..d932a44 100644 --- a/.github/workflows/update-tags.yml +++ b/.github/workflows/update-tags.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Parse semver uses: madhead/semver-utils@36d1e0ed361bd7b4b77665de8093092eaeabe6ba # v4.3.0 diff --git a/.github/workflows/version_update.yml b/.github/workflows/version_update.yml index 36b15cc..6bddf98 100644 --- a/.github/workflows/version_update.yml +++ b/.github/workflows/version_update.yml @@ -13,7 +13,7 @@ jobs: new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }} steps: - run: sudo apt install -y jq - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: master fetch-depth: 0 @@ -49,7 +49,7 @@ jobs: pull-requests: write if: needs.check-version.outputs.should_update == 'true' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: master persist-credentials: true diff --git a/deprecated-c-cpp/action.yml b/deprecated-c-cpp/action.yml index a1e420f..c711dee 100644 --- a/deprecated-c-cpp/action.yml +++ b/deprecated-c-cpp/action.yml @@ -71,7 +71,7 @@ runs: - name: Cache sonar-scanner installation id: cache-sonar-tools if: inputs.cache-binaries == 'true' - uses: actions/cache@v4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 env: # The default value is 60mins. Reaching timeout is treated the same as a cache miss. SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1