Commit a8f033d

ci: use sha pinning to mitigate (#130)
Lower the risk of a supply chain attack even if the matched tag was compromised.

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
1 parent 1723838 commit a8f033d

3 files changed

Lines changed: 5 additions & 5 deletions

.github/workflows/add-to-project.yml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ jobs:
1010
name: Add issue to project
1111
runs-on: ubuntu-latest
1212
steps:
13-
- uses: actions/add-to-project@v1.0.2
13+
- uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
1414
with:
1515
project-url: https://github.com/orgs/fluent/projects/4
1616
github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
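Review bot: on the added `actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2` line, the trailing comment is the only thing tying the hash to a release, and nothing in the workflow checks that the two agree. Please confirm the SHA is the commit that the v1.0.2 tag of actions/add-to-project pointed to before merging, because this step is handed `secrets.ADD_TO_PROJECT_PAT` and a mistyped or wrong hash would run with that token. Keeping the comment in the exact `# vX.Y.Z` form is worthwhile so that reviewers and update tooling can read the intended version.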

.github/workflows/linux.yml

Lines changed: 2 additions & 2 deletions
@@ -19,8 +19,8 @@ jobs:
1919
- ubuntu-latest
2020
name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
2121
steps:
22-
- uses: actions/checkout@v4
23-
- uses: ruby/setup-ruby@v1
22+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
23+
- uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
2424
with:
2525
ruby-version: ${{ matrix.ruby }}
2626
rubygems: latest
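Review bot: the `actions/checkout` line does more than pin; it goes from `@v4` to a commit labelled `# v6.0.2`, which is a jump of two major versions that the commit message does not mention. Either pin to the commit behind the v4 release that was already in use, or keep the upgrade and say so in the message after checking that v6 behaves the same for this job. The same applies in a smaller way to `ruby/setup-ruby`, which moves from the floating `v1` to the specific v1.288.0.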

.github/workflows/windows.yml

Lines changed: 2 additions & 2 deletions
@@ -13,8 +13,8 @@ jobs:
1313
- windows-latest
1414
name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
1515
steps:
16-
- uses: actions/checkout@v4
17-
- uses: ruby/setup-ruby@v1
16+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
- uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
1818
with:
1919
ruby-version: ${{ matrix.ruby }}
2020
rubygems: latest
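Review bot: with `ruby/setup-ruby` fixed at the v1.288.0 commit, Ruby versions that the action learns about in later releases will not resolve for `ruby-version: ${{ matrix.ruby }}` until the pin is bumped, which the floating `@v1` handled on its own. The two hashes are also duplicated between this file and linux.yml, so a manual bump can leave them out of step. Consider adding automated update configuration for GitHub Actions (for example Dependabot's `github-actions` ecosystem) in the same change so the pins and their `# v…` comments are refreshed together.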
