Skip to content

Commit 70ffbcc

Browse files
authored
Update and pin workflows (#904)
* update workflow action versions * update rest of actions * Pin workflows to sha
1 parent 1f6df41 commit 70ffbcc

File tree

5 files changed

+37
-37
lines changed

5 files changed

+37
-37
lines changed

.github/workflows/android.yml

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -28,18 +28,18 @@ jobs:
2828
working-directory: ./client-sdk-android
2929
steps:
3030
- name: checkout client-sdk-android
31-
uses: actions/checkout@v4.0.0
31+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3232
with:
3333
path: ./client-sdk-android
3434
submodules: recursive
3535

3636
- name: set up JDK 17
37-
uses: actions/setup-java@v4
37+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
3838
with:
3939
java-version: '17'
4040
distribution: 'adopt'
4141

42-
- uses: actions/cache@v4
42+
- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
4343
with:
4444
path: |
4545
~/.gradle/caches
@@ -62,7 +62,7 @@ jobs:
6262
run: ./gradlew assembleRelease livekit-android-test:testRelease
6363

6464
- name: Upload AAR
65-
uses: actions/upload-artifact@v6
65+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
6666
with:
6767
name: livekit-android-sdk-release.aar
6868
path: client-sdk-android/livekit-android-sdk/build/outputs/aar/livekit-android-sdk-release.aar
@@ -187,7 +187,7 @@ jobs:
187187
# Setting up diffuse artifacts
188188
- name: Setup cache for base source file for diffuse
189189
if: github.event_name == 'push'
190-
uses: actions/cache@v4
190+
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
191191
with:
192192
path: client-sdk-android/diffuse-source-file
193193
key: diffuse-${{ github.sha }}
@@ -200,7 +200,7 @@ jobs:
200200

201201
- name: Repository Dispatch
202202
if: github.event_name == 'push'
203-
uses: peter-evans/repository-dispatch@v2
203+
uses: peter-evans/repository-dispatch@bf47d102fdb849e755b0b0023ea3e81a44b6f570 # v2.1.2
204204
with:
205205
token: ${{ secrets.E2E_DISPATCH_TOKEN }}
206206
repository: livekit/e2e-android
@@ -213,26 +213,26 @@ jobs:
213213
name: Diffuse checker
214214
needs: build
215215
steps:
216-
- uses: actions/setup-java@v4
216+
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
217217
with:
218218
java-version: '17'
219219
distribution: 'adopt'
220220

221221
# Diffuse checking for pull requests
222-
- uses: actions/cache@v4
222+
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
223223
name: Download base source AAR for diffuse
224224
with:
225225
path: client-sdk-android/diffuse-source-file
226226
key: diffuse-${{ github.event.pull_request.base.sha }}
227227

228-
- uses: actions/download-artifact@v5
228+
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
229229
name: Download current release AAR for diffuse
230230
with:
231231
name: livekit-android-sdk-release.aar
232232
path: client-sdk-android/
233233

234234
- id: diffuse
235-
uses: usefulness/diffuse-action@v1
235+
uses: usefulness/diffuse-action@41995fe8ff6be0a8847e63bdc5a4679c704b455c # v0.11.0
236236
with:
237237
old-file-path: client-sdk-android/diffuse-source-file
238238
new-file-path: client-sdk-android/livekit-android-sdk-release.aar
@@ -244,14 +244,14 @@ jobs:
244244
245245
# Consuming diffuse action output
246246

247-
- uses: peter-evans/find-comment@v4
247+
- uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
248248
if: github.event.pull_request.head.repo.full_name == github.repository
249249
id: find_comment
250250
with:
251251
issue-number: ${{ github.event.pull_request.number }}
252252
body-includes: Diffuse output
253253

254-
- uses: peter-evans/create-or-update-comment@v5
254+
- uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
255255
if: github.event.pull_request.head.repo.full_name == github.repository && (steps.diffuse.outputs.diff-raw != null || steps.find_comment.outputs.comment-id != null)
256256
with:
257257
body: |
@@ -263,7 +263,7 @@ jobs:
263263
issue-number: ${{ github.event.pull_request.number }}
264264
token: ${{ secrets.GITHUB_TOKEN }}
265265

266-
- uses: actions/upload-artifact@v6
266+
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
267267
with:
268268
name: diffuse-output
269269
path: ${{ steps.diffuse.outputs.diff-file }}

.github/workflows/changesets.yml

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -19,16 +19,16 @@ jobs:
1919

2020
steps:
2121
- name: Checkout Repo
22-
uses: actions/checkout@v4
22+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2323

24-
- uses: pnpm/action-setup@v2
24+
- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
2525
with:
26-
version: 9
26+
version: 10
2727

28-
- name: Use Node.js 20
29-
uses: actions/setup-node@v4
28+
- name: Use Node.js 24
29+
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
3030
with:
31-
node-version: 20
31+
node-version: 24
3232
cache: "pnpm"
3333

3434
- name: Install dependencies
@@ -46,7 +46,7 @@ jobs:
4646

4747
- name: Create Release Pull Request
4848
id: changesets
49-
uses: changesets/action@v1
49+
uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1.7.0
5050
with:
5151
title: ${{ steps.getver.outputs.TITLE }}
5252
commit: ${{ steps.getver.outputs.TITLE }}
@@ -79,13 +79,13 @@ jobs:
7979
working-directory: ./client-sdk-android
8080
steps:
8181
- name: checkout client-sdk-android
82-
uses: actions/checkout@v4.0.0
82+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8383
with:
8484
path: ./client-sdk-android
8585
submodules: recursive
8686

8787
- name: set up JDK 17
88-
uses: actions/setup-java@v3.12.0
88+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
8989
with:
9090
java-version: '17'
9191
distribution: 'adopt'
@@ -135,7 +135,7 @@ jobs:
135135

136136
steps:
137137
- name: Checkout Repo
138-
uses: actions/checkout@v4
138+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
139139

140140
- name: Update snapshot
141141
id: update
@@ -147,7 +147,7 @@ jobs:
147147
run: echo $SNAPSHOT_VERSION
148148

149149
- name: Create Update SNAPSHOT Pull Request
150-
uses: peter-evans/create-pull-request@v6
150+
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
151151
with:
152152
token: ${{ secrets.CHANGESET_GH_TOKEN }}
153153
branch: dl/update_snapshot_ver
@@ -162,14 +162,14 @@ jobs:
162162

163163
steps:
164164
- name: Checkout Repo
165-
uses: actions/checkout@v4
165+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
166166

167167
- name: Get version
168168
id: version
169169
run: echo "VERSION=$(./ci/get_version.sh)" >> "$GITHUB_OUTPUT"
170170

171171
- name: Dispatch to components-android
172-
uses: peter-evans/repository-dispatch@v3
172+
uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
173173
with:
174174
token: ${{ secrets.E2E_DISPATCH_TOKEN }}
175175
repository: livekit/components-android

.github/workflows/dependency_diff.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,18 +18,18 @@ jobs:
1818
runs-on: ubuntu-latest
1919

2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222

23-
- uses: actions/setup-java@v4
23+
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
2424
with:
2525
distribution: 'adopt'
2626
java-version: 17
2727

28-
- uses: gradle/actions/setup-gradle@v4
28+
- uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1
2929

3030
- id: dependency-diff
3131
name: Generate dependency diff
32-
uses: usefulness/dependency-tree-diff-action@v2
32+
uses: usefulness/dependency-tree-diff-action@59b54501869fa22e102545c8a3a006aa3c3a3c2e # v2.2.0
3333
with:
3434
project: 'livekit-android-sdk'
3535

@@ -38,14 +38,14 @@ jobs:
3838
echo "Dependency diff:"
3939
echo "${{ steps.dependency-diff.outputs.text-diff }}"
4040
41-
- uses: peter-evans/find-comment@v4
41+
- uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
4242
if: github.event.pull_request.head.repo.full_name == github.repository
4343
id: find_comment
4444
with:
4545
issue-number: ${{ github.event.pull_request.number }}
4646
body-includes: Dependency diff
4747

48-
- uses: peter-evans/create-or-update-comment@v5
48+
- uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
4949
if: github.event.pull_request.head.repo.full_name == github.repository && (steps.dependency-diff.outputs.text-diff != null || steps.find_comment.outputs.comment-id != null)
5050
with:
5151
body: |

.github/workflows/release.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,13 +11,13 @@ jobs:
1111
working-directory: ./client-sdk-android
1212
steps:
1313
- name: checkout client-sdk-android
14-
uses: actions/checkout@v4.0.0
14+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1515
with:
1616
path: ./client-sdk-android
1717
submodules: recursive
1818

19-
- name: set up JDK 12
20-
uses: actions/setup-java@v3.12.0
19+
- name: set up JDK 17
20+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
2121
with:
2222
java-version: '17'
2323
distribution: 'adopt'

.github/workflows/update_snapshot_pr.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616

1717
steps:
1818
- name: Checkout Repo
19-
uses: actions/checkout@v4
19+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020

2121
- name: Update snapshot
2222
id: update
@@ -28,7 +28,7 @@ jobs:
2828
run: echo $SNAPSHOT_VERSION
2929

3030
- name: Create Update SNAPSHOT Pull Request
31-
uses: peter-evans/create-pull-request@v6
31+
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
3232
with:
3333
token: ${{ secrets.CHANGESET_GH_TOKEN }}
3434
branch: dl/update_snapshot_ver

0 commit comments

Comments
 (0)