From 970c89758332cab9eb6aaae77cacc224c0ca8f0a Mon Sep 17 00:00:00 2001
From: Xeboc
Date: Fri, 17 Apr 2026 20:04:33 +0000
Subject: [PATCH] Pin GitHub Actions to full commit SHAs
---
 .github/workflows/automerge-dependabot.yml | 2 +-
 .github/workflows/ci.yml | 26 ++++++++++----------
 .github/workflows/cpr-example-command.yml | 4 +--
 .github/workflows/slash-command-dispatch.yml | 2 +-
 .github/workflows/update-major-version.yml | 2 +-
 5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/automerge-dependabot.yml b/.github/workflows/automerge-dependabot.yml
index 6478d21b4b..53e0c5e81f 100644
--- a/.github/workflows/automerge-dependabot.yml
+++ b/.github/workflows/automerge-dependabot.yml
@@ -6,7 +6,7 @@ jobs:
 runs-on: ubuntu-latest
 if: github.actor == 'dependabot[bot]'
 steps:
- - uses: peter-evans/enable-pull-request-automerge@v3
+ - uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3.0.0
 with:
 token: ${{ secrets.ACTIONS_BOT_TOKEN }}
 pull-request-number: ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 314da31f28..377367bb10 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,8 +19,8 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v6
- - uses: actions/setup-node@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
 with:
 node-version-file: package.json
 cache: npm
@@ -29,11 +29,11 @@ jobs:
 - run: npm run format-check
 - run: npm run lint
 - run: npm run test
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: dist
 path: dist
- - uses: actions/upload-artifact@v7
+ - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: action.yml
 path: action.yml
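Review bot: In `.github/workflows/automerge-dependabot.yml` the gate `if: github.actor == 'dependabot[bot]'` sits directly above a step that receives `secrets.ACTIONS_BOT_TOKEN`, and `github.actor` names whoever triggered the run rather than who opened the pull request. Pinning the action does not change that; comparing the pull request author is the tighter check: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The workflow's `on:` trigger and the job header are outside this hunk, so how much the current check lets through depends on which event starts the job.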
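Review bot: Nothing in `.github/workflows/ci.yml`, starting at the `actions/checkout` and `actions/setup-node` pins in the `build` job, ties a pinned SHA to the `# vX.Y.Z` comment beside it, so each comment is an unverified claim that later readers will take as fact; the same holds for every other pin in this patch. Before merging, each SHA should be compared with the tag in the action's own upstream repository, for example with `git ls-remote --tags https://github.com/actions/checkout`, because a commit that exists only in a fork of an action can also resolve under the upstream `owner/repo@sha` reference. To keep the pins from going stale, a `github-actions` entry in `.github/dependabot.yml` lets Dependabot move the SHA and its version comment together; that file is not part of this patch, so it may already exist.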
@@ -46,16 +46,16 @@ jobs:
 matrix:
 target: [built, committed]
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 ref: main
 - if: matrix.target == 'built' || github.event_name == 'pull_request'
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 with:
 name: dist
 path: dist
 - if: matrix.target == 'built' || github.event_name == 'pull_request'
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 with:
 name: action.yml
 path: .
@@ -80,7 +80,7 @@ jobs:
 branch: ci-test-${{ matrix.target }}-${{ github.sha }}
 - name: Close Pull
- uses: peter-evans/close-pull@v3
+ uses: peter-evans/close-pull@a192af8d70f2d49c49643134605c3b73d4f80fae # v3.0.1
 with:
 pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
 comment: '[CI] test ${{ matrix.target }}'
@@ -92,7 +92,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Find Comment
- uses: peter-evans/find-comment@v4
+ uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
 id: fc
 with:
 issue-number: ${{ github.event.number }}
@@ -101,7 +101,7 @@ jobs:
 - if: steps.fc.outputs.comment-id == ''
 name: Create comment
- uses: peter-evans/create-or-update-comment@v5
+ uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
 with:
 issue-number: ${{ github.event.number }}
 body: |
@@ -118,13 +118,13 @@ jobs:
 needs: [test]
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v6
- - uses: actions/download-artifact@v8
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 with:
 name: dist
 path: dist
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@v8
+ uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
 with:
 token: ${{ secrets.ACTIONS_BOT_TOKEN }}
 commit-message: 'build: update distribution'
diff --git a/.github/workflows/cpr-example-command.yml b/.github/workflows/cpr-example-command.yml
index c9ef268190..7aa17da3da 100644
--- a/.github/workflows/cpr-example-command.yml
+++ b/.github/workflows/cpr-example-command.yml
@@ -6,7 +6,7 @@ jobs:
 createPullRequest:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Make changes to pull request
 run: date +%s > report.txt
@@ -42,7 +42,7 @@ jobs:
 echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
 - name: Add reaction
- uses: peter-evans/create-or-update-comment@v5
+ uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
 with:
 repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
 comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml
index f67effb1eb..e6eae9a36c 100644
--- a/.github/workflows/slash-command-dispatch.yml
+++ b/.github/workflows/slash-command-dispatch.yml
@@ -7,7 +7,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Slash Command Dispatch
- uses: peter-evans/slash-command-dispatch@v5
+ uses: peter-evans/slash-command-dispatch@9bdcd7914ec1b75590b790b844aa3b8eee7c683a # v5.0.2
 with:
 token: ${{ secrets.ACTIONS_BOT_TOKEN }}
 config:
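Review bot: In `.github/workflows/cpr-example-command.yml` the context line `echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"` expands the expression into the script text before the shell runs, a pattern worth keeping out of `run:` blocks even when the value is an action output. Passing the value through the environment keeps it as data: add `env:` with `PR_URL: ${{ steps.cpr.outputs.pull-request-url }}` to that step and print it with `echo "Pull Request URL - $PR_URL"`. The step begins above this hunk, so its other lines are not visible here.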
>
diff --git a/.github/workflows/update-major-version.yml b/.github/workflows/update-major-version.yml
index bc53fada59..4e7828ccb2 100644
--- a/.github/workflows/update-major-version.yml
+++ b/.github/workflows/update-major-version.yml
@@ -18,7 +18,7 @@ jobs:
 tag:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 token: ${{ secrets.ACTIONS_BOT_TOKEN }}
 fetch-depth: 0