Skip to content

Commit 0d0ced7

Browse files
authored
Merge pull request #134 from OpenVoxProject/pin
CI: pin external workflows
2 parents 455f4e0 + 3691678 commit 0d0ced7

2 files changed

Lines changed: 22 additions & 22 deletions

File tree

.github/workflows/ci.yaml

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -17,17 +17,17 @@ jobs:
1717
outputs:
1818
ruby: ${{ steps.ruby.outputs.versions }}
1919
steps:
20-
- uses: actions/checkout@v7
20+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
2121
- name: Install Ruby ${{ matrix.ruby }}
22-
uses: ruby/setup-ruby@v1
22+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
2323
with:
2424
ruby-version: "3.4"
2525
bundler-cache: true
2626
- name: Run Rubocop
2727
run: bundle exec rake rubocop
2828
- run: gem build --strict --verbose *.gemspec
2929
- id: ruby
30-
uses: voxpupuli/ruby-version@v2
30+
uses: voxpupuli/ruby-version@656370e339050da63b86b1c631f5f88a3f4c0803 # 1.0.1
3131

3232
linux_unit_tests:
3333
needs:
@@ -43,23 +43,23 @@ jobs:
4343
runs-on: ubuntu-24.04
4444
steps:
4545
- name: Checkout current PR
46-
uses: actions/checkout@v7
46+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
4747
# we explictly force Java 17 because that's the lowest one we support when building packages with ezbake
4848
- name: Set up Java 17 for JRuby 9
4949
if: contains(matrix.ruby, 'jruby-9')
50-
uses: actions/setup-java@v5
50+
uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0
5151
with:
5252
distribution: temurin
5353
java-version: '17'
5454
# JRuby 10.0.5 requires java 21 or 25
5555
- name: Set up Java 21 for JRuby 10
5656
if: contains(matrix.ruby, 'jruby-10')
57-
uses: actions/setup-java@v5
57+
uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0
5858
with:
5959
distribution: temurin
6060
java-version: '21'
6161
- name: Rspec checks
62-
uses: ruby/setup-ruby@v1
62+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
6363
with:
6464
ruby-version: ${{ matrix.ruby }}
6565
bundler-cache: true
@@ -75,10 +75,10 @@ jobs:
7575
runs-on: windows-2025
7676
steps:
7777
- name: Checkout current PR
78-
uses: actions/checkout@v7
78+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
7979

8080
- name: Rspec checks
81-
uses: ruby/setup-ruby@v1
81+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
8282
with:
8383
ruby-version: ${{ matrix.ruby }}
8484
bundler-cache: true
@@ -101,12 +101,12 @@ jobs:
101101

102102
steps:
103103
- name: Checkout current PR
104-
uses: actions/checkout@v7
104+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
105105
with:
106106
path: facter
107107

108108
- name: Install Ruby 3.2
109-
uses: ruby/setup-ruby@v1
109+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
110110
with:
111111
ruby-version: '3.2'
112112
bundler-cache: true
@@ -160,10 +160,10 @@ jobs:
160160
BUNDLE_WITH: 'integration'
161161
steps:
162162
- name: Checkout current PR
163-
uses: actions/checkout@v7
163+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
164164

165165
- name: Rspec checks
166-
uses: ruby/setup-ruby@v1
166+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
167167
with:
168168
ruby-version: ${{ matrix.cfg.ruby }}
169169
bundler-cache: true

.github/workflows/gem_release.yaml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -15,16 +15,16 @@ jobs:
1515
name: Build the gem
1616
runs-on: ubuntu-24.04
1717
steps:
18-
- uses: actions/checkout@v7
18+
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
1919
- name: Install Ruby
20-
uses: ruby/setup-ruby@v1
20+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
2121
with:
2222
ruby-version: 'ruby'
2323
- name: Build gem
2424
shell: bash
2525
run: gem build --verbose *.gemspec
2626
- name: Upload gem to GitHub cache
27-
uses: actions/upload-artifact@v7
27+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
2828
with:
2929
name: gem-artifact
3030
path: '*.gem'
@@ -39,7 +39,7 @@ jobs:
3939
contents: write # clone repo and create release
4040
steps:
4141
- name: Download gem from GitHub cache
42-
uses: actions/download-artifact@v8
42+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
4343
with:
4444
name: gem-artifact
4545
- name: Create Release
@@ -56,7 +56,7 @@ jobs:
5656
packages: write # publish to rubygems.pkg.github.com
5757
steps:
5858
- name: Download gem from GitHub cache
59-
uses: actions/download-artifact@v8
59+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
6060
with:
6161
name: gem-artifact
6262
- name: Publish gem to GitHub packages
@@ -73,10 +73,10 @@ jobs:
7373
id-token: write # rubygems.org authentication
7474
steps:
7575
- name: Download gem from GitHub cache
76-
uses: actions/download-artifact@v8
76+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
7777
with:
7878
name: gem-artifact
79-
- uses: rubygems/configure-rubygems-credentials@v2.1.0
79+
- uses: rubygems/configure-rubygems-credentials@dc5a8d8553e6ee01fc26761a49e99e733d17954a # v2.1.0
8080
- name: Publish gem to rubygems.org
8181
shell: bash
8282
run: gem push *.gem
@@ -92,11 +92,11 @@ jobs:
9292
- release-to-rubygems
9393
steps:
9494
- name: Download gem from GitHub cache
95-
uses: actions/download-artifact@v8
95+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
9696
with:
9797
name: gem-artifact
9898
- name: Install Ruby
99-
uses: ruby/setup-ruby@v1
99+
uses: ruby/setup-ruby@0dafeac902942906541bc140009cdbf32665b601 # v1.315.0
100100
with:
101101
ruby-version: 'ruby'
102102
- name: Wait for release to propagate

0 commit comments

Comments
 (0)