chore: pin GitHub Actions to full-length commit SHAs

joshuarli · joshuarli · commit 2e6f1b35b8c6 · 2026-03-23T23:53:19.000-07:00
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -10,8 +10,8 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           cache: yarn
           node-version-file: 'package.json'
@@ -22,7 +22,7 @@ jobs:
       - name: Build
         run: yarn build
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: ${{ github.sha }}
           path: ./packages/**/dist/**/*
@@ -36,15 +36,15 @@ jobs:
       matrix:
         version: [18, 20, 22]
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           cache: yarn
           node-version: ${{ matrix.version }}
       - name: Install
         run: yarn install
       - name: Download Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
         with:
           path: ./packages
           merge-multiple: true
@@ -56,15 +56,15 @@ jobs:
     runs-on: macos-latest
     needs: build
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           cache: yarn
           node-version-file: 'package.json'
       - name: Install
         run: yarn install
       - name: Download Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
         with:
           path: ./packages
           merge-multiple: true
diff --git a/.github/workflows/prepare-publish.yml b/.github/workflows/prepare-publish.yml
@@ -10,16 +10,16 @@ jobs:
     name: Prepare Publish
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           cache: yarn
           node-version-file: "package.json"
       - name: Install
         run: yarn install
       - name: Create Release Pull Request
         id: changesets
-        uses: changesets/action@v1
+        uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1
         with:
           version: yarn changeset:consume
           commit: "meta(changelog): Update package versions"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -21,8 +21,8 @@ jobs:
       contains(github.event.head_commit.message, 'meta(changelog)') 
       && contains(github.event.head_commit.message, 'Update package versions')
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           cache: yarn
           node-version-file: "package.json"
@@ -31,7 +31,7 @@ jobs:
       - name: Build
         run: yarn build
       - name: Publish to NPM
-        uses: changesets/action@v1
+        uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
