From 3fffc99fd74cffc2f657f2e8f131a1586db96636 Mon Sep 17 00:00:00 2001
From: Andrew Brandt <andrew.brandt@hashgraph.com>
Date: Sat, 24 May 2025 14:58:46 -0500
Subject: [PATCH 1/6] ci: update actions to pinned SHA numbers

**Description**:

Update the actions in the `testnet-build.yml` file to pinned commit SHAs.

**Related Issue(s)**:

Fixes #716

Signed-off-by: Andrew Brandt <andrew.brandt@hashgraph.com>
---
 .github/workflows/testnet-build.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/testnet-build.yml b/.github/workflows/testnet-build.yml
index ec557c0e1..ef92e07bf 100644
--- a/.github/workflows/testnet-build.yml
+++ b/.github/workflows/testnet-build.yml
@@ -17,12 +17,12 @@ jobs:
     # 1 - checkout project and dependencies
 
     - name: Checkout Phoenix
-      uses: actions/checkout@v2
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         path: phoenix
 
     - name: Checkout lightning-kmp
-      uses: actions/checkout@v2
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         repository: ACINQ/lightning-kmp
         ref: master
@@ -31,14 +31,14 @@ jobs:
     # 2 - setup cache/jdk
 
     - name: Cached Konan
-      uses: actions/cache@v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ~/.konan
         key: ${{ runner.os }}-konan-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
         restore-keys: ${{ runner.os }}-konan-
 
     - name: Set up jdk 1.17
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
       with:
         java-version: 17
 

From 0b3d5ba048c54b78dd7862f18c9a5c5090d21b43 Mon Sep 17 00:00:00 2001
From: Andrew Brandt <andrew.brandt@hashgraph.com>
Date: Sat, 24 May 2025 15:01:40 -0500
Subject: [PATCH 2/6] ci: switch to setup-java v1

Signed-off-by: Andrew Brandt <andrew.brandt@hashgraph.com>
---
 .github/workflows/testnet-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/testnet-build.yml b/.github/workflows/testnet-build.yml
index ef92e07bf..d4eca333f 100644
--- a/.github/workflows/testnet-build.yml
+++ b/.github/workflows/testnet-build.yml
@@ -38,7 +38,7 @@ jobs:
         restore-keys: ${{ runner.os }}-konan-
 
     - name: Set up jdk 1.17
-      uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
+      uses: actions/setup-java@b6e674f4b717d7b0ae3baee0fbe79f498905dfde # v1.4.4
       with:
         java-version: 17
 

From 51b31fd686ef7619841c520e5f27c108de4d4f52 Mon Sep 17 00:00:00 2001
From: Andrew Brandt <andrew.brandt@hashgraph.com>
Date: Sat, 24 May 2025 15:03:40 -0500
Subject: [PATCH 3/6] ci: update sha for upload-artifact action

Signed-off-by: Andrew Brandt <andrew.brandt@hashgraph.com>
---
 .github/workflows/testnet-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/testnet-build.yml b/.github/workflows/testnet-build.yml
index d4eca333f..c5bbd1c05 100644
--- a/.github/workflows/testnet-build.yml
+++ b/.github/workflows/testnet-build.yml
@@ -78,7 +78,7 @@ jobs:
       # 5 - upload apk
 
     - name: Upload apk as artifact for this action
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
         name: phoenix-testnet
         path: upload/phoenix-testnet-latest.apk

From 4d75ad23fef2c8f2bcdbc25390dcdba4870ec7df Mon Sep 17 00:00:00 2001
From: Andrew Brandt <andrew.brandt@hashgraph.com>
Date: Sat, 24 May 2025 15:04:54 -0500
Subject: [PATCH 4/6] ci: add dependabot config file

Signed-off-by: Andrew Brandt <andrew.brandt@hashgraph.com>
---
 .github/dependabot.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..c8c5ac6e0
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
\ No newline at end of file

From 06d2f4c5f75d51ce8ffd36d9fb05d87bf809dd75 Mon Sep 17 00:00:00 2001
From: Andrew Brandt <andrew.brandt@hashgraph.com>
Date: Sat, 24 May 2025 15:08:48 -0500
Subject: [PATCH 5/6] ci: add newline to end of dependabot config file

Signed-off-by: Andrew Brandt <andrew.brandt@hashgraph.com>
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c8c5ac6e0..10256a128 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,4 +4,4 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    open-pull-requests-limit: 10
\ No newline at end of file
+    open-pull-requests-limit: 10

From 2e88b71c04a0ad4ed1a7215e9cc348128f40c247 Mon Sep 17 00:00:00 2001
From: Andrew Brandt <andrew.brandt@hashgraph.com>
Date: Fri, 6 Jun 2025 08:35:35 -0500
Subject: [PATCH 6/6] remove dependabot.yml

Signed-off-by: Andrew Brandt <andrew.brandt@hashgraph.com>
---
 .github/dependabot.yml | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 10256a128..000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10