From 0d19bf1951374c81593eb246c1360bdea7f9f418 Mon Sep 17 00:00:00 2001 From: wpessers Date: Thu, 26 Mar 2026 20:36:45 +0100 Subject: [PATCH 1/2] ci(nodejs): use npm ci instead of npm install to enforce lockfile versions --- .github/workflows/ci-nodejs.yml | 2 +- .github/workflows/release-layer-nodejs.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-nodejs.yml b/.github/workflows/ci-nodejs.yml index 19fe66f000..fb45f65389 100644 --- a/.github/workflows/ci-nodejs.yml +++ b/.github/workflows/ci-nodejs.yml @@ -31,7 +31,7 @@ jobs: key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} restore-keys: | ${{ runner.os }}-node- - - run: npm install + - run: npm ci working-directory: nodejs - run: npm run lint working-directory: nodejs diff --git a/.github/workflows/release-layer-nodejs.yml b/.github/workflows/release-layer-nodejs.yml index 48599ac7f6..1f42c5da96 100644 --- a/.github/workflows/release-layer-nodejs.yml +++ b/.github/workflows/release-layer-nodejs.yml @@ -36,7 +36,7 @@ jobs: - name: Build run: | - npm install + npm ci npm run build working-directory: nodejs From 98ed9cd3883aa93097ae68772961f36064d0d733 Mon Sep 17 00:00:00 2001 From: wpessers Date: Thu, 26 Mar 2026 20:41:58 +0100 Subject: [PATCH 2/2] ci(java): pin setup-gradle action version to commit hash --- .github/workflows/release-layer-java.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-layer-java.yml b/.github/workflows/release-layer-java.yml index 2e8f059e7c..593a3c2d75 100644 --- a/.github/workflows/release-layer-java.yml +++ b/.github/workflows/release-layer-java.yml @@ -37,7 +37,7 @@ jobs: java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 - name: Execute Gradle build run: |