2 лет назад · bd6375e2cf
--- a/.github/actions/package-macos/action.yaml
+++ b/.github/actions/package-macos/action.yaml
@@ -51,7 +51,7 @@ runs:
 
				             echo "SELF_HOSTED=false" >> $GITHUB_OUTPUT
			
 
				             ;;
			
 
				         esac
			
 
				-    - uses: actions/cache@v3
			
 
				+    - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
			
 
				       id: cache
			
 
				       if: steps.prepare.outputs.SELF_HOSTED != 'true'
			
 
				       with:
			
--- a/.github/actions/prepare-jmeter/action.yaml
+++ b/.github/actions/prepare-jmeter/action.yaml
@@ -8,7 +8,7 @@ inputs:
 
				 runs:
			
 
				   using: composite
			
 
				   steps:
			
 
				-    - uses: actions/download-artifact@v3
			
 
				+    - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
			
 
				       with:
			
 
				         name: emqx-docker
			
 
				         path: /tmp
			
@@ -19,19 +19,19 @@ runs:
 
				       run: |
			
 
				         EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
			
 
				         echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
			
 
				-    - uses: actions/checkout@v3
			
 
				+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
			
 
				       with:
			
 
				         repository: emqx/emqx-fvt
			
 
				         ref: broker-autotest-v5
			
 
				         path: scripts
			
 
				-    - uses: actions/setup-java@v3
			
 
				+    - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
			
 
				       with:
			
 
				         java-version: '8.0.282' # The JDK version to make available on the path.
			
 
				         java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
			
 
				         architecture: x64 # (x64 or x86) - defaults to x64
			
 
				         # https://github.com/actions/setup-java/blob/main/docs/switching-to-v2.md
			
 
				         distribution: 'zulu'
			
 
				-    - uses: actions/download-artifact@v3
			
 
				+    - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
			
 
				       with:
			
 
				         name: apache-jmeter.tgz
			
 
				     - name: install jmeter
			
--- a/scripts/bump-actions-versions.sh
+++ b/scripts/bump-actions-versions.sh
@@ -2,7 +2,7 @@
 
				 
			
 
				 set -euo pipefail
			
 
				 
			
 
				-actions=( 'actions/checkout' 'actions/cache' 'actions/stale' 'actions/upload-artifact' 'actions/download-artifact' 'aws-actions/configure-aws-credentials' 'ossf/scorecard-action' 'erlef/setup-beam' 'slackapi/slack-github-action' 'hashicorp/setup-terraform' 'docker/login-action' 'docker/setup-buildx-action' 'docker/setup-qemu-action' )
			
 
				+actions=( 'actions/checkout' 'actions/cache' 'actions/stale' 'actions/upload-artifact' 'actions/download-artifact' 'aws-actions/configure-aws-credentials' 'ossf/scorecard-action' 'erlef/setup-beam' 'slackapi/slack-github-action' 'hashicorp/setup-terraform' 'docker/login-action' 'docker/setup-buildx-action' 'docker/setup-qemu-action' 'actions/setup-java' )
			
 
				 for a in "${actions[@]}"; do
			
 
				     # shellcheck disable=SC2086
			
 
				     TAG=$(curl -sSfL -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$a/releases/latest | jq -r '.tag_name')
			
@@ -17,5 +17,7 @@ for a in "${actions[@]}"; do
 
				     fi
			
 
				     echo "Bumping $a to $TAG ($COMMIT_SHA)"
			
 
				     sed -i.bak -e "s|uses: $a.*$|uses: $a@$COMMIT_SHA # $TAG|g" .github/workflows/*.yaml
			
 
				+    sed -i.bak -e "s|uses: $a.*$|uses: $a@$COMMIT_SHA # $TAG|g" .github/actions/*/*.yaml
			
 
				     rm .github/workflows/*.bak
			
 
				+    rm .github/actions/*/*.bak
			
 
				 done