This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new 768e1f95fc Github Actions Security Best practices: Pin Actions to
Full lenght Commit SHA - Generate SBOM workflow (#6409)
768e1f95fc is described below
commit 768e1f95fcaab51c0c3e142bf70da5fedd3f0871
Author: Andrea Cosentino <anco...@gmail.com>
AuthorDate: Tue Sep 3 08:08:11 2024 +0200
Github Actions Security Best practices: Pin Actions to Full lenght Commit
SHA - Generate SBOM workflow (#6409)
---
.github/workflows/generate-sbom-main.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/generate-sbom-main.yml
b/.github/workflows/generate-sbom-main.yml
index 4888f0d270..4fe5fd4a9d 100644
--- a/.github/workflows/generate-sbom-main.yml
+++ b/.github/workflows/generate-sbom-main.yml
@@ -41,11 +41,11 @@ jobs:
matrix:
java: [ '17' ]
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #
v4.1.7
with:
persist-credentials: false
- name: Set up JDK ${{ matrix.java }}
- uses: actions/setup-java@v4
+ uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 #
v4.2.2
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
@@ -53,7 +53,7 @@ jobs:
- name: mvn build and sbom generation
run: ./mvnw -V --no-transfer-progress -e -Psbom -Dquickly -DskipTests
verify ${CQ_MAVEN_ARGS}
- name: Create Pull Request
- uses: peter-evans/create-pull-request@v6
+ uses:
peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #
v6.1.0
with:
base: main
token: ${{ secrets.GITHUB_TOKEN }}
