Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# compose runs the container as ${UID:-1000}:${GID:-1000} and bind-mounts
# the checkout at /workspace; the GitHub runner user is uid 1001, so without
# this the container would run as 1000 and Gradle could not write the
Expand All @@ -58,7 +58,7 @@ jobs:
# compatible cache, keeping the build cache warm as sources evolve. The cross-OS dist legs get
# the same benefit via setup-gradle; this closes the gap for the Docker-based jobs.
- name: cache gradle home
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
with:
path: |
.gradle-home/caches
Expand Down Expand Up @@ -110,7 +110,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# The SPA's Node + pnpm toolchain lives in the dev image at pinned versions (same as the build
# job), so Prettier, svelte-check, and the vite build all run there rather than against a
# different host toolchain. See the build job for the uid/gid rationale.
Expand Down Expand Up @@ -142,7 +142,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: crate-ci/typos@37bb98842b0d8c4ffebdb75301a13db0267cef89 # v1.47.2
# Versions pinned to match the dev image (root Dockerfile) so CI and the
# container can never check formatting with different tool versions.
Expand Down Expand Up @@ -180,7 +180,7 @@ jobs:
# rewrite.yml). rewriteDryRun parses sources only.
continue-on-error: true
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# See the build job: compose must run as the 1001 runner user, not the 1000
# default, or Gradle cannot write into the bind-mounted checkout.
- name: export host uid/gid for compose
Expand All @@ -190,7 +190,7 @@ jobs:
# Restore-only: reuse the Gradle home the build job populates (warm dependencies for the
# dry-run) without saving a second, duplicate cache from this advisory job.
- name: restore gradle home
uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
with:
path: |
.gradle-home/caches
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dev-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
with:
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/distribution.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# compose runs as ${UID:-1000}:${GID:-1000}; the runner user is uid 1001, so
# export the real ids or Gradle cannot write the bind-mounted build/ dirs.
- name: export host uid/gid for compose
Expand All @@ -55,7 +55,7 @@ jobs:
# it, and an ephemeral runner starts cold otherwise. The cross-OS legs already cache via
# setup-gradle in setup-jdk-gradle; this closes the gap for this Docker-based leg.
- name: cache gradle home
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
with:
path: |
.gradle-home/caches
Expand Down Expand Up @@ -160,7 +160,7 @@ jobs:
matrix:
os: [macos-latest, windows-latest]
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite.
- uses: ./.github/actions/setup-jdk-gradle

Expand Down Expand Up @@ -210,7 +210,7 @@ jobs:
matrix:
os: [windows-latest, macos-latest]
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite.
- uses: ./.github/actions/setup-jdk-gradle

Expand Down Expand Up @@ -290,7 +290,7 @@ jobs:
matrix:
os: [windows-latest, macos-latest]
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite.
- uses: ./.github/actions/setup-jdk-gradle
# Node + pnpm for the Gradle-driven SPA build (download=false → the PATH node/pnpm). Pinned to
Expand Down Expand Up @@ -363,7 +363,7 @@ jobs:
matrix:
os: [windows-latest, macos-latest]
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# Liberica JDK 25 Full (jmods for jlink/jpackage) + Gradle — shared composite.
- uses: ./.github/actions/setup-jdk-gradle

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# compose runs the container as ${UID:-1000}:${GID:-1000} and bind-mounts
# the checkout at /workspace; the runner user is uid 1001, so export the
# real ids or Gradle cannot write the bind-mounted build/docs/javadoc.
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/freshness.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# compose runs as ${UID:-1000}:${GID:-1000}; the runner user is uid 1001, so
# export the real ids or Gradle cannot write the bind-mounted build/ dirs.
- name: export host uid/gid for compose
Expand Down
Loading