Skip to content

Commit d37fcea

Browse files
tobias-tenglertobias-tengler
authored
Pin GitHub action versions (#9688)
1 parent 1d5c4f2 commit d37fcea

8 files changed

Lines changed: 75 additions & 75 deletions

File tree

.github/workflows/benchmarks.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
pull-requests: write
1717
steps:
1818
- name: Post initial pending comment
19-
uses: actions/github-script@v9
19+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
2020
with:
2121
github-token: ${{ secrets.GITHUB_TOKEN }}
2222
script: |
@@ -131,7 +131,7 @@ jobs:
131131

132132
steps:
133133
- name: Checkout current repository
134-
uses: actions/checkout@v6
134+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
135135
with:
136136
fetch-depth: 0
137137
show-progress: false
@@ -182,7 +182,7 @@ jobs:
182182
"${{ matrix.runner-label }}"
183183
184184
- name: Upload benchmark result
185-
uses: actions/upload-artifact@v7
185+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
186186
if: always()
187187
with:
188188
name: benchmark-${{ matrix.test }}-${{ matrix.mode }}-${{ matrix.runner-group }}
@@ -194,7 +194,7 @@ jobs:
194194
# No artifact downloads, no external scripts — just a few API calls.
195195
- name: Update PR comment (progressive)
196196
if: github.event_name == 'pull_request'
197-
uses: actions/github-script@v9
197+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
198198
with:
199199
github-token: ${{ secrets.GITHUB_TOKEN }}
200200
script: |
@@ -331,7 +331,7 @@ jobs:
331331

332332
steps:
333333
- name: Download all benchmark results
334-
uses: actions/download-artifact@v8
334+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
335335
continue-on-error: true
336336
with:
337337
pattern: benchmark-*
@@ -341,7 +341,7 @@ jobs:
341341
# overwrite progressive results with a less complete artifact set
342342
# (e.g., when cancel-in-progress killed some jobs mid-run).
343343
- name: Update PR comment with final report
344-
uses: actions/github-script@v9
344+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
345345
with:
346346
github-token: ${{ secrets.GITHUB_TOKEN }}
347347
script: |
@@ -511,13 +511,13 @@ jobs:
511511

512512
steps:
513513
- name: Download all benchmark results
514-
uses: actions/download-artifact@v8
514+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
515515
with:
516516
pattern: benchmark-*
517517
path: benchmark-results
518518

519519
- name: Checkout performance data repository
520-
uses: actions/checkout@v6
520+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
521521
with:
522522
repository: ChilliCream/graphql-platform-performance-data
523523
token: ${{ secrets.PERFORMANCE_DATA_TOKEN }}

.github/workflows/ci-cleanup.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
actions: write
1414
steps:
1515
- name: Check out code
16-
uses: actions/checkout@v6
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
1717
with:
1818
show-progress: false
1919

.github/workflows/ci.yml

Lines changed: 26 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
src_changes: ${{ steps.check-src.outputs.src_changes }}
2525
steps:
2626
- name: Checkout Repository
27-
uses: actions/checkout@v6
27+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
2828
with:
2929
fetch-depth: 2
3030
show-progress: false
@@ -77,13 +77,13 @@ jobs:
7777
needs: check-changes
7878
if: needs.check-changes.outputs.website_changes == 'true' || needs.check-changes.outputs.website_next_changes == 'true'
7979
steps:
80-
- uses: actions/checkout@v6
80+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
8181
name: Check out the code
8282
with:
8383
show-progress: false
8484

8585
- name: Install Node.js
86-
uses: actions/setup-node@v6
86+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
8787
with:
8888
node-version: 24
8989

@@ -102,11 +102,11 @@ jobs:
102102
name: "Markdown linting"
103103
runs-on: ubuntu-latest
104104
steps:
105-
- uses: actions/checkout@v6
105+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
106106
name: Check out the code
107107
with:
108108
show-progress: false
109-
- uses: actions/setup-node@v6
109+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
110110
name: Setup node
111111
with:
112112
node-version: 24
@@ -122,19 +122,19 @@ jobs:
122122
runs-on: ubuntu-latest
123123
steps:
124124
- name: Checkout Repository
125-
uses: actions/checkout@v6
125+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
126126
with:
127127
show-progress: false
128128

129129
- name: Install Node.js
130-
uses: actions/setup-node@v6
130+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
131131
with:
132132
node-version: 24
133133
cache: "yarn"
134134
cache-dependency-path: "website/yarn.lock"
135135

136136
- name: Cache Yarn Packages
137-
uses: actions/cache@v5
137+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
138138
with:
139139
path: |
140140
website/.yarn/cache
@@ -144,7 +144,7 @@ jobs:
144144
${{ runner.os }}-yarn-
145145
146146
- name: Cache Optimized Images
147-
uses: actions/cache@v5
147+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
148148
with:
149149
path: website/.next/cache/images
150150
key: ${{ runner.os }}-optimized-images-${{ hashFiles('website/public/images/**', 'website/public/docs/**/*.png', 'website/public/docs/**/*.jpg', 'website/public/docs/**/*.webp') }}
@@ -170,19 +170,19 @@ jobs:
170170
runs-on: ubuntu-latest
171171
steps:
172172
- name: Checkout Repository
173-
uses: actions/checkout@v6
173+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
174174
with:
175175
show-progress: false
176176

177177
- name: Install Node.js
178-
uses: actions/setup-node@v6
178+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
179179
with:
180180
node-version: 24
181181
cache: "yarn"
182182
cache-dependency-path: "website-next/yarn.lock"
183183

184184
- name: Cache Yarn Packages
185-
uses: actions/cache@v5
185+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
186186
with:
187187
path: |
188188
website-next/.yarn/cache
@@ -214,12 +214,12 @@ jobs:
214214

215215
steps:
216216
- name: Checkout to repository
217-
uses: actions/checkout@v6
217+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
218218
with:
219219
show-progress: false
220220

221221
- name: Install .NET
222-
uses: actions/setup-dotnet@v5
222+
uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
223223
with:
224224
dotnet-version: 10.x
225225

@@ -244,12 +244,12 @@ jobs:
244244

245245
steps:
246246
- name: Checkout repository
247-
uses: actions/checkout@v6
247+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
248248
with:
249249
show-progress: false
250250

251251
- name: Install .NET
252-
uses: actions/setup-dotnet@v5
252+
uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
253253
with:
254254
dotnet-version: |
255255
8.x
@@ -267,7 +267,7 @@ jobs:
267267
github.event_name != 'pull_request' ||
268268
(github.event_name == 'pull_request' &&
269269
github.event.pull_request.head.repo.full_name == github.repository)
270-
uses: docker/login-action@v4
270+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
271271
with:
272272
username: ${{ vars.DOCKERHUB_USERNAME }}
273273
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -288,13 +288,13 @@ jobs:
288288
CI_BUILD: true
289289

290290
- name: Upload Test Results as Artifact
291-
uses: actions/upload-artifact@v7
291+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
292292
with:
293293
name: test-results-${{ matrix.name }}
294294
path: ${{ matrix.directoryPath }}/TestResults/*.trx
295295

296296
- name: Upload Coverage File as Artifact
297-
uses: actions/upload-artifact@v7
297+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
298298
with:
299299
name: coverage-${{ matrix.name }}
300300
# The * matches a single directory that is named with a GUID.
@@ -303,7 +303,7 @@ jobs:
303303

304304
- name: Upload mismatch files as Artifact
305305
if: steps.run-tests.outcome == 'failure'
306-
uses: actions/upload-artifact@v7
306+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
307307
with:
308308
name: mismatch-files-${{ matrix.name }}
309309
path: ${{ matrix.directoryPath }}/**/__mismatch__/*
@@ -314,13 +314,13 @@ jobs:
314314
runs-on: ubuntu-latest
315315
steps:
316316
- name: Download all coverage artifacts
317-
uses: actions/download-artifact@v8
317+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
318318
with:
319319
path: ./output/download
320320
pattern: coverage-*
321321

322322
- name: Upload coverage to Codecov
323-
uses: codecov/codecov-action@v5
323+
uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
324324
timeout-minutes: 10
325325
with:
326326
token: ${{ secrets.CODECOV_TOKEN }}
@@ -340,12 +340,12 @@ jobs:
340340
pull-requests: write
341341
steps:
342342
- name: Checkout Repository
343-
uses: actions/checkout@v6
343+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
344344
with:
345345
show-progress: false
346346

347347
- name: Validate Client
348-
uses: ChilliCream/nitro-client-validate@v16.0.0-rc.1.43
348+
uses: ChilliCream/nitro-client-validate@30ce13815d90dad9ca50a96e5746a4e5abb11e8f # v16.0.1-p.5
349349
with:
350350
client-id: ${{ secrets.NITRO_API_CLIENT_ID }}
351351
operations-file: src/Nitro/Common/src/ChilliCream.Nitro.Client/persisted/operations.json
@@ -360,12 +360,12 @@ jobs:
360360
if: needs.check-changes.outputs.src_changes == 'true'
361361
steps:
362362
- name: Checkout Repository
363-
uses: actions/checkout@v6
363+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
364364
with:
365365
show-progress: false
366366

367367
- name: Setup Node
368-
uses: actions/setup-node@v6
368+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
369369
with:
370370
node-version: 24
371371

.github/workflows/coverage.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -25,12 +25,12 @@ jobs:
2525

2626
steps:
2727
- name: Checkout to repository
28-
uses: actions/checkout@v6
28+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
2929
with:
3030
show-progress: false
3131

3232
- name: Install .NET
33-
uses: actions/setup-dotnet@v5
33+
uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
3434
with:
3535
dotnet-version: |
3636
8.x
@@ -57,12 +57,12 @@ jobs:
5757

5858
steps:
5959
- name: Checkout repository
60-
uses: actions/checkout@v6
60+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
6161
with:
6262
show-progress: false
6363

6464
- name: Install .NET
65-
uses: actions/setup-dotnet@v5
65+
uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
6666
with:
6767
dotnet-version: |
6868
8.x
@@ -75,7 +75,7 @@ jobs:
7575
timeout-minutes: 5
7676

7777
- name: Log in to Docker Hub
78-
uses: docker/login-action@v4
78+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
7979
with:
8080
username: ${{ vars.DOCKERHUB_USERNAME }}
8181
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -97,13 +97,13 @@ jobs:
9797
CI_BUILD: true
9898

9999
- name: Upload Test Results as Artifact
100-
uses: actions/upload-artifact@v7
100+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
101101
with:
102102
name: test-results-${{ matrix.name }}
103103
path: ${{ matrix.directoryPath }}/TestResults/*.trx
104104

105105
- name: Upload Coverage File as Artifact
106-
uses: actions/upload-artifact@v7
106+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
107107
with:
108108
name: coverage-${{ matrix.name }}
109109
# The * matches a single directory that is named with a GUID.
@@ -112,7 +112,7 @@ jobs:
112112

113113
- name: Upload mismatch files as Artifact
114114
if: failure()
115-
uses: actions/upload-artifact@v7
115+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
116116
with:
117117
name: mismatch-files-${{ matrix.name }}
118118
path: ${{ matrix.directoryPath }}/**/__mismatch__/*
@@ -129,13 +129,13 @@ jobs:
129129
runs-on: ubuntu-latest
130130
steps:
131131
- name: Download all coverage artifacts
132-
uses: actions/download-artifact@v8
132+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
133133
with:
134134
path: ./output/download
135135
pattern: coverage-*
136136

137137
- name: Upload coverage to Codecov
138-
uses: codecov/codecov-action@v5
138+
uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
139139
timeout-minutes: 10
140140
with:
141141
token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/issue-labeler.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
name: Apply Issue Labels
1414
runs-on: ubuntu-latest
1515
steps:
16-
- uses: github/issue-labeler@v3.4
16+
- uses: github/issue-labeler@c1b0f9f52a63158c4adc09425e858e87b32e9685 # v3.4
1717
with:
1818
configuration-path: .github/issue-labeler.yml
1919
enable-versioned-regex: 0

.github/workflows/pr-labeler.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@ jobs:
1212
name: Apply Labels
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/labeler@v6
15+
- uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6

0 commit comments

Comments
 (0)