From 6812ab1c8e9c9010b1368f331bf0ffa451b3bc0e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 08:46:36 +0000 Subject: [PATCH 1/4] Initial plan From 80825ae826bceb97aa4691676e728252e62ae25d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 08:50:36 +0000 Subject: [PATCH 2/4] Pin GitHub Actions dependencies to specific commit SHAs Co-authored-by: scordio <26772046+scordio@users.noreply.github.com> --- .github/dependabot.yml | 4 ++++ .github/workflows/main.yml | 14 +++++++------- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e1d1cc7..c90125c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,3 +8,7 @@ updates: directory: "/" schedule: interval: "weekly" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0f60ce9..3682196 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,9 +19,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Java - uses: actions/setup-java@v5 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: '21' distribution: 'zulu' @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Java uses: oracle-actions/setup-java@v1 with: @@ -56,9 +56,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Java - uses: actions/setup-java@v5 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: '21' distribution: 'zulu' @@ -74,9 +74,9 @@ jobs: if: github.repository_owner == 'assertj' && github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Maven Central - uses: actions/setup-java@v5 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: 'zulu' java-version: '21' From dcd74ee9b8b9930fe1f53ef9de098dc7fa5d15f6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 08:56:14 +0000 Subject: [PATCH 3/4] Pin oracle-actions/setup-java@v1 to specific commit SHA Co-authored-by: scordio <26772046+scordio@users.noreply.github.com> --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3682196..c7f213d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,7 +42,7 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Java - uses: oracle-actions/setup-java@v1 + uses: oracle-actions/setup-java@e2d42a9441a0f656248f55d2729550221330968e # v1 with: website: jdk.java.net release: ${{ matrix.java }} From a3754ace28845e5a45f2c79dbe1085f565f5b828 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 09:01:45 +0000 Subject: [PATCH 4/4] Pin oracle-actions/setup-java to v1.4.2 instead of v1 major version Co-authored-by: scordio <26772046+scordio@users.noreply.github.com> --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c7f213d..7c9478e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,7 +42,7 @@ jobs: steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Java - uses: oracle-actions/setup-java@e2d42a9441a0f656248f55d2729550221330968e # v1 + uses: oracle-actions/setup-java@b1546e588c27008e88bfcabda44d11c22316b9b8 # v1.4.2 with: website: jdk.java.net release: ${{ matrix.java }}