From 62810c3d2f96962143dc4008061a715d0baabe1c Mon Sep 17 00:00:00 2001 From: Thomas Piccirello Date: Wed, 20 May 2026 22:35:32 -0700 Subject: [PATCH] chore: pin github actions to sha --- .../workflows/call-flags-project-board.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 22 +++++++++---------- .github/workflows/sdk-compliance.yml | 2 +- .github/workflows/stale.yaml | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/call-flags-project-board.yml b/.github/workflows/call-flags-project-board.yml index 627d714e..c1019eae 100644 --- a/.github/workflows/call-flags-project-board.yml +++ b/.github/workflows/call-flags-project-board.yml @@ -9,7 +9,7 @@ on: jobs: call-flags-project: - uses: PostHog/.github/.github/workflows/flags-project-board.yml@main + uses: PostHog/.github/.github/workflows/flags-project-board.yml@d2e7c952fef6a22b2210bcffc70bec71abeeba03 with: pr_number: ${{ github.event.pull_request.number }} pr_node_id: ${{ github.event.pull_request.node_id }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 61646b4c..66aca8be 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7cba2abe..06e41c86 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: has-changesets: ${{ steps.check.outputs.has-changesets }} steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: 0 @@ -45,7 +45,7 @@ jobs: name: Notify Slack - Approval Needed needs: check-changesets if: needs.check-changesets.outputs.has-changesets == 'true' - uses: posthog/.github/.github/workflows/notify-approval-needed.yml@main + uses: posthog/.github/.github/workflows/notify-approval-needed.yml@d2e7c952fef6a22b2210bcffc70bec71abeeba03 with: slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} slack_user_group_id: ${{ vars.GROUP_CLIENT_LIBRARIES_SLACK_GROUP_ID }} @@ -67,7 +67,7 @@ jobs: steps: - name: Notify Slack - Approved if: needs.notify-approval-needed.outputs.slack_ts != '' - uses: posthog/.github/.github/actions/slack-thread-reply@main + uses: posthog/.github/.github/actions/slack-thread-reply@d2e7c952fef6a22b2210bcffc70bec71abeeba03 with: slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }} slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} @@ -77,20 +77,20 @@ jobs: - name: Get GitHub App token id: releaser - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: client-id: ${{ secrets.GH_APP_POSTHOG_PYTHON_RELEASER_APP_ID }} private-key: ${{ secrets.GH_APP_POSTHOG_PYTHON_RELEASER_PRIVATE_KEY }} - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: 0 token: ${{ steps.releaser.outputs.token }} - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.11.11 @@ -107,7 +107,7 @@ jobs: - name: Cache Sampo CLI id: cache-sampo - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cargo/bin/sampo key: sampo-${{ runner.os }}-${{ runner.arch }} @@ -230,7 +230,7 @@ jobs: # Notify in case of a failure - name: Send failure event to PostHog if: ${{ failure() }} - uses: PostHog/posthog-github-action@v1 + uses: PostHog/posthog-github-action@58dea254b598fb5d469c0699c98af8288a7f7650 # v1.2.0 with: posthog-token: "${{ secrets.POSTHOG_PROJECT_API_KEY }}" event: "posthog-python-github-release-workflow-failure" @@ -244,7 +244,7 @@ jobs: - name: Notify Slack - Failed if: ${{ failure() && needs.notify-approval-needed.outputs.slack_ts != '' }} - uses: posthog/.github/.github/actions/slack-thread-reply@main + uses: posthog/.github/.github/actions/slack-thread-reply@d2e7c952fef6a22b2210bcffc70bec71abeeba03 with: slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }} slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} @@ -259,10 +259,10 @@ jobs: if: always() && needs.release.result == 'success' && needs.notify-approval-needed.outputs.slack_ts != '' steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Notify Slack - Released - uses: posthog/.github/.github/actions/slack-thread-reply@main + uses: posthog/.github/.github/actions/slack-thread-reply@d2e7c952fef6a22b2210bcffc70bec71abeeba03 with: slack_bot_token: ${{ secrets.SLACK_CLIENT_LIBRARIES_BOT_TOKEN }} slack_channel_id: ${{ vars.SLACK_APPROVALS_CLIENT_LIBRARIES_CHANNEL_ID }} diff --git a/.github/workflows/sdk-compliance.yml b/.github/workflows/sdk-compliance.yml index 7e58fa79..3b0acd0e 100644 --- a/.github/workflows/sdk-compliance.yml +++ b/.github/workflows/sdk-compliance.yml @@ -14,7 +14,7 @@ on: jobs: compliance: name: PostHog SDK compliance tests - uses: PostHog/posthog-sdk-test-harness/.github/workflows/test-sdk-action.yml@main + uses: PostHog/posthog-sdk-test-harness/.github/workflows/test-sdk-action.yml@1b56b38f46ac563ab2d5d7a8021740e8633a560b with: adapter-dockerfile: "sdk_compliance_adapter/Dockerfile" adapter-context: "." diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 8fe59a84..a1f6b43b 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -25,7 +25,7 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - - uses: actions/stale@v10 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0 if: steps.holiday.outputs.skip != 'true' with: days-before-issue-stale: 730