chore: pin GitHub Actions to SHA for supply chain security

.github/workflows/security-check.yaml

@@ -0,0 +1,8 @@
+name: Security Check
+on:
+  pull_request:
+
+jobs:
+  security-check:
+    uses: Buzzvil/workflows/.github/workflows/security-check.yaml@main
+    secrets: inherit

.github/workflows/test-framework-ada.yml

@@ -37,8 +37,8 @@ jobs:
         java: [ 8 ]
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
+      - uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java }}
       - name: build codegen
@@ -59,7 +59,7 @@ jobs:
             cp modules/swagger-codegen-cli/target/swagger-codegen-cli.jar codegen-cli
           fi
       - name: upload codegen cli
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: codegen-cli
           path: codegen-cli
@@ -82,12 +82,12 @@ jobs:
       generate_outcome: ${{ steps.outcome.outputs.generate_outcome }}
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
+      - uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java }}
       - name: Download codegen cli
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: codegen-cli
       - name: generate
@@ -104,18 +104,18 @@ jobs:
           echo "::set-output name=generate_outcome::${{ steps.generate.outcome }}"
           echo ${{ steps.generate.outcome }} > generate_outcome_${{ env.JOB_NAME }}
       - name: upload generate outcome
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_outcome
           path: generate_outcome_${{ env.JOB_NAME }}
       - name: upload generate logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_logs
           path: ${{ steps.generate.outputs.logs }}
       - name: upload generated code
         if: contains(steps.generate.outcome, 'success')
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generated
           path: ${{ steps.generate.outputs.path }}
@@ -144,20 +144,20 @@ jobs:
       ##### END DYNAMIC: Dependent on build environment
       ###############################################
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
       - name: Download artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: ${{ env.JOB_NAME }}generated
           path: generated/${{ env.JOB_NAME }}
       - name: Download logs
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_logs
     ###############################################
     ##### DYNAMIC: Dependent on build environment
     ###############################################
-      - uses: ada-actions/toolchain@dev
+      - uses: ada-actions/toolchain@d6c5b8a6e7d5205b96948c84f66a2d3fe3a24707  # dev
         with:
           distrib: fsf
           target: native
@@ -177,12 +177,12 @@ jobs:
           echo "::set-output name=build_outcome::${{ steps.build.outcome }}"
           echo ${{ steps.build.outcome }} > ${{ env.JOB_NAME }}build_outcome
       - name: upload build outcome
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}build_outcome
           path: ${{ env.JOB_NAME }}build_outcome
       - name: upload logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}logs
           path: ${{ steps.build.outputs.logs }}

.github/workflows/test-framework-clojure.yml

@@ -37,8 +37,8 @@ jobs:
         java: [ 8 ]
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
+      - uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java }}
       - name: build codegen
@@ -59,7 +59,7 @@ jobs:
             cp modules/swagger-codegen-cli/target/swagger-codegen-cli.jar codegen-cli
           fi
       - name: upload codegen cli
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: codegen-cli
           path: codegen-cli
@@ -82,12 +82,12 @@ jobs:
       generate_outcome: ${{ steps.outcome.outputs.generate_outcome }}
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
+      - uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java }}
       - name: Download codegen cli
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: codegen-cli
       - name: generate
@@ -104,18 +104,18 @@ jobs:
           echo "::set-output name=generate_outcome::${{ steps.generate.outcome }}"
           echo ${{ steps.generate.outcome }} > generate_outcome_${{ env.JOB_NAME }}
       - name: upload generate outcome
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_outcome
           path: generate_outcome_${{ env.JOB_NAME }}
       - name: upload generate logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_logs
           path: ${{ steps.generate.outputs.logs }}
       - name: upload generated code
         if: contains(steps.generate.outcome, 'success')
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generated
           path: ${{ steps.generate.outputs.path }}
@@ -144,25 +144,25 @@ jobs:
     ##### END DYNAMIC: Dependent on build environment
     ###############################################
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
       - name: Download artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: ${{ env.JOB_NAME }}generated
           path: generated/${{ env.JOB_NAME }}
       - name: Download logs
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_logs
     ###############################################
     ##### DYNAMIC: Dependent on build environment
     ###############################################
       - name: Set up JDK 1.8
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java-version }}
       - name: Install clojure tools
-        uses: DeLaGuardo/setup-clojure@3.2
+        uses: DeLaGuardo/setup-clojure@876708bc5bf8a184ed3041180a0a626f406e8ef1  # 3.2
         with:
           cli: 1.10.1.693
           lein: 2.9.1
@@ -183,12 +183,12 @@ jobs:
           echo "::set-output name=build_outcome::${{ steps.build.outcome }}"
           echo ${{ steps.build.outcome }} > ${{ env.JOB_NAME }}build_outcome
       - name: upload build outcome
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}build_outcome
           path: ${{ env.JOB_NAME }}build_outcome
       - name: upload logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}logs
           path: ${{ steps.build.outputs.logs }}

.github/workflows/test-framework-dart.yml

@@ -37,8 +37,8 @@ jobs:
         java: [ 8 ]
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
+      - uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java }}
       - name: build codegen
@@ -59,7 +59,7 @@ jobs:
             cp modules/swagger-codegen-cli/target/swagger-codegen-cli.jar codegen-cli
           fi
       - name: upload codegen cli
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: codegen-cli
           path: codegen-cli
@@ -82,12 +82,12 @@ jobs:
       generate_outcome: ${{ steps.outcome.outputs.generate_outcome }}
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
+      - uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde  # v1
         with:
           java-version: ${{ matrix.java }}
       - name: Download codegen cli
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: codegen-cli
       - name: generate
@@ -104,18 +104,18 @@ jobs:
           echo "::set-output name=generate_outcome::${{ steps.generate.outcome }}"
           echo ${{ steps.generate.outcome }} > generate_outcome_${{ env.JOB_NAME }}
       - name: upload generate outcome
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_outcome
           path: generate_outcome_${{ env.JOB_NAME }}
       - name: upload generate logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_logs
           path: ${{ steps.generate.outputs.logs }}
       - name: upload generated code
         if: contains(steps.generate.outcome, 'success')
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}generated
           path: ${{ steps.generate.outputs.path }}
@@ -135,20 +135,20 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2
       - name: Download artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: ${{ env.JOB_NAME }}generated
           path: generated/${{ env.JOB_NAME }}
       - name: Download logs
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281  # v2
         with:
           name: ${{ env.JOB_NAME }}generate_logs
     ###############################################
     ##### DYNAMIC: Dependent on build environment
     ###############################################
-      - uses: dart-lang/setup-dart@v1
+      - uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c  # v1
     ###############################################
     ##### END DYNAMIC: Dependent on build environment
     ###############################################
@@ -165,12 +165,12 @@ jobs:
           echo "::set-output name=build_outcome::${{ steps.build.outcome }}"
           echo ${{ steps.build.outcome }} > ${{ env.JOB_NAME }}build_outcome
       - name: upload build outcome
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}build_outcome
           path: ${{ env.JOB_NAME }}build_outcome
       - name: upload logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2  # v2
         with:
           name: ${{ env.JOB_NAME }}logs
           path: ${{ steps.build.outputs.logs }}