Merge pull request #11175 from nextcloud/pinVersion

Pin versions

.github/workflows/analysis.yml

@@ -28,12 +28,12 @@ jobs:
                         echo "::set-output name=pr::${{ github.event.pull_request.number }}"
                         echo "::set-output name=repo::${{ github.event.pull_request.head.repo.full_name }}"
                     fi
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
                 with:
                     repository: ${{ steps.get-vars.outputs.repo }}
                     ref: ${{ steps.get-vars.outputs.branch }}
             -   name: Set up JDK 11
-                uses: actions/setup-java@v3
+                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
                 with:
                     distribution: "temurin"
                     java-version: 11

.github/workflows/assembleFlavors.yml

@@ -15,9 +15,9 @@ jobs:
             matrix:
                 flavor: [ Generic, Gplay, Huawei ]
         steps:
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
             -   name: set up JDK 11
-                uses: actions/setup-java@v3
+                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
                 with:
                     distribution: "temurin"
                     java-version: 11

.github/workflows/autoApproveDependabot.yml

@@ -10,7 +10,7 @@ jobs:
     auto-approve:
         runs-on: ubuntu-latest
         steps:
-            -   uses: hmarr/auto-approve-action@v3.1.0
+            -   uses: hmarr/auto-approve-action@de8ae18c173c131e182d4adf2c874d8d2308a85b # v3.1.0
                 if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
                 with:
                     github-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/check.yml

@@ -15,9 +15,9 @@ jobs:
             matrix:
                 task: [ detekt, spotlessKotlinCheck ]
         steps:
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
             -   name: Set up JDK 11
-                uses: actions/setup-java@v3
+                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
                 with:
                     distribution: "temurin"
                     java-version: 11

.github/workflows/detectSnapshot.yml

@@ -12,6 +12,6 @@ jobs:
         runs-on: ubuntu-latest
 
         steps:
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
             -   name: Detect SNAPSHOT
                 run: scripts/analysis/detectSNAPSHOT.sh

.github/workflows/gradle-wrapper-validation.yml

@@ -12,5 +12,5 @@ jobs:
         name: "Validation"
         runs-on: ubuntu-latest
         steps:
-            -   uses: actions/checkout@v3
-            -   uses: gradle/wrapper-validation-action@v1
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1

.github/workflows/qa.yml

@@ -15,10 +15,10 @@ jobs:
             -   name: Check if secrets are available
                 run: echo "::set-output name=ok::${{ secrets.KS_PASS != '' }}"
                 id: check-secrets
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
                 if: ${{ steps.check-secrets.outputs.ok == 'true' }}
             -   name: set up JDK 11
-                uses: actions/setup-java@v3
+                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
                 if: ${{ steps.check-secrets.outputs.ok == 'true' }}
                 with:
                     distribution: "temurin"

.github/workflows/screenShotTest.yml

@@ -18,17 +18,17 @@ jobs:
                 color: [ blue ]
                 api-level: [ 27 ]
         steps:
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
 
             -   name: Gradle cache
-                uses: actions/cache@v3
+                uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3
                 with:
                     path: |
                         ~/.gradle/caches
                         ~/.gradle/wrapper
                     key: gradle-${{ runner.os }}-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
             -   name: AVD cache
-                uses: actions/cache@v3
+                uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3
                 id: avd-cache
                 with:
                     path: |
@@ -36,14 +36,14 @@ jobs:
                         ~/.android/adb*
                     key: avd-${{ matrix.api-level }}
 
-            -   uses: actions/setup-java@v3
+            -   uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
                 with:
                     distribution: "temurin"
                     java-version: 11
 
             -   name: create AVD and generate snapshot for caching
                 if: steps.avd-cache.outputs.cache-hit != 'true'
-                uses: reactivecircus/android-emulator-runner@v2
+                uses: reactivecircus/android-emulator-runner@50986b1464923454c95e261820bc626f38490ec0 # v2
                 with:
                     api-level: ${{ matrix.api-level }}
                     force-avd-creation: false
@@ -64,12 +64,12 @@ jobs:
 
             -   name: Delete old comments
                 env:
-                    GITHUB_TOKEN:  ${{ secrets.GITHUB_TOKEN }}
+                    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                 if: ${{ always() }}
                 run: scripts/deleteOldComments.sh "${{ matrix.color }}-${{ matrix.scheme }}" "Screenshot" ${{github.event.number}}
 
             -   name: Run screenshot tests
-                uses: reactivecircus/android-emulator-runner@v2
+                uses: reactivecircus/android-emulator-runner@50986b1464923454c95e261820bc626f38490ec0 # v2
                 with:
                     api-level: ${{ matrix.api-level }}
                     force-avd-creation: false
@@ -82,8 +82,7 @@ jobs:
                 if: ${{ failure() }}
                 env:
                     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-                run:
-                    scripts/uploadReport.sh "${{ secrets.LOG_USERNAME }}" "${{ secrets.LOG_PASSWORD }}" ${{github.event.number}} "${{ matrix.color }}-${{ matrix.scheme }}" "Screenshot" ${{github.event.number}}
+                run: scripts/uploadReport.sh "${{ secrets.LOG_USERNAME }}" "${{ secrets.LOG_PASSWORD }}" ${{github.event.number}} "${{ matrix.color }}-${{ matrix.scheme }}" "Screenshot" ${{github.event.number}}
             -   name: Archive Espresso results
                 uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
                 if: ${{ always() }}

.github/workflows/unit-tests.yml

@@ -14,29 +14,28 @@ jobs:
     test:
         runs-on: ubuntu-latest
         steps:
-            -   uses: actions/checkout@v3
+            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
             -   name: Set up JDK 11
-                uses: actions/setup-java@v3
+                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
                 with:
                     distribution: "temurin"
                     java-version: 11
             -   name: Delete old comments
                 env:
-                    GITHUB_TOKEN:  ${{ secrets.GITHUB_TOKEN }}
+                    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                 if: ${{ always() }}
                 run: scripts/deleteOldComments.sh "test" "Unit" ${{github.event.number}}
             -   name: Run unit tests with coverage
-                uses: gradle/gradle-build-action@v2
+                uses: gradle/gradle-build-action@3fbe033aaae657f011f88f29be9e65ed26bd29ef # v2
                 with:
                     arguments: jacocoTestGplayDebugUnitTest
             -   name: Upload failing results
                 if: ${{ failure() }}
                 env:
                     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-                run:
-                    scripts/uploadReport.sh "${{ secrets.LOG_USERNAME }}" "${{ secrets.LOG_PASSWORD }}" ${{github.event.number}} "test" "Unit" ${{github.event.number}}
+                run: scripts/uploadReport.sh "${{ secrets.LOG_USERNAME }}" "${{ secrets.LOG_PASSWORD }}" ${{github.event.number}} "test" "Unit" ${{github.event.number}}
             -   name: Upload coverage to codecov
-                uses: codecov/codecov-action@v3
+                uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3
                 with:
                     token: ${{ secrets.CODECOV_TOKEN }}
                     flags: unit