
Commit b6fb33a

chore: pin GitHub Actions to full-length commit SHAs (#534)
* chore: pin GitHub Actions to full-length commit SHAs * add permissions to update-dep workflow --------- Co-authored-by: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
1 parent 2be6bcb commit b6fb33a

9 files changed

Lines changed: 31 additions & 29 deletions

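--- a/.github/workflows/analyze.yml
+++ b/.github/workflows/analyze.yml
@@ -17,10 +17,10 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin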
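Review bot: The trailing comments on the new `uses:` lines record only the moving major tag (`# v6`, `# v5`), so a reader cannot tell which release each SHA was resolved from or check it against an immutable release tag. Recording the exact release makes the pin auditable and gives update tooling a version to compare against, e.g. `- uses: actions/checkout@<full-sha> # vX.Y.Z` (placeholder values). Each SHA should also be confirmed to be a commit in the action's own repository rather than in a fork, since a fork's commit can be referenced through the upstream repository path. The same applies to the pins in the other eight workflow files of this commit.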

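--- a/.github/workflows/changelog-preview.yml
+++ b/.github/workflows/changelog-preview.yml
@@ -14,5 +14,5 @@ permissions:
 
 jobs:
 changelog-preview:
-uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2
+uses: getsentry/craft/.github/workflows/changelog-preview.yml@f4889d04564e47311038ecb6b910fef6b6cf1363 # v2
 secrets: inherit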
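Review bot: `secrets: inherit` on line 18 still forwards every secret available to this workflow to the called workflow; the SHA pin fixes which code receives them but not how many it receives. Which secrets the called workflow actually reads is not visible here, so this is a question rather than a defect: if it needs only a known subset, passing them by name narrows the exposure, e.g. `secrets:` followed by `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}` (placeholder name). The `permissions:` block named in the hunk header starts above the hunk, so its contents could not be checked.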

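--- a/.github/workflows/danger.yml
+++ b/.github/workflows/danger.yml
@@ -8,4 +8,4 @@ jobs:
 danger:
 runs-on: ubuntu-latest
 steps:
-- uses: getsentry/github-workflows/danger@v3
+- uses: getsentry/github-workflows/danger@26f565c05d0dd49f703d238706b775883037d76b # v3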

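--- a/.github/workflows/generate-dokka.yml
+++ b/.github/workflows/generate-dokka.yml
@@ -20,16 +20,16 @@
 # url: ${{ steps.deployment.outputs.page_url }}
 # steps:
 # - name: Checkout
-# uses: actions/checkout@v4
+# uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 #
 # - name: set up JDK 11
-# uses: actions/setup-java@v4
+# uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
 # with:
 # distribution: "adopt"
 # java-version: "11"
 #
 # - name: Cache Gradle packages
-# uses: actions/cache@v4
+# uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 # with:
 # path: |
 # ~/.gradle/caches
@@ -39,16 +39,16 @@
 # ${{ runner.os }}-gradle-
 #
 # - name: Setup Pages
-# uses: actions/configure-pages@v5
+# uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
 #
 # - name: Generate docs with dokka
 # run: make generateDokka
 #
 # - name: Upload artifact
-# uses: actions/upload-pages-artifact@v3
+# uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
 # with:
 # path: ${{ github.workspace }}/build/dokka/htmlMultiModule
 #
 # - name: Deploy to GitHub Pages
 # id: deployment
-# uses: actions/deploy-pages@v1
+# uses: actions/deploy-pages@f27bcc15848fdcdcc02f01754eb838e44bcf389b # v1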
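Review bot: All six pins in this file sit inside commented-out YAML, so they never run and are likely to be skipped by dependency-update tooling that parses workflow files. They will drift from the pins in the live workflows (this file pins checkout, setup-java and cache at v4 while the others use newer majors). A note near the top of the commented block would flag this for whoever re-enables it, e.g. `# NOTE: SHAs below are not auto-updated while this workflow is disabled; re-resolve before enabling`. The start of the file is outside the hunk, so an existing note of that kind cannot be ruled out.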

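--- a/.github/workflows/kotlin-multiplatform-gradle-plugin.yml
+++ b/.github/workflows/kotlin-multiplatform-gradle-plugin.yml
@@ -24,16 +24,16 @@ jobs:
 working-directory: sentry-kotlin-multiplatform-gradle-plugin
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin
 
 - name: Cached Konan
-uses: actions/cache@v4
+uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 with:
 path: ~/.konan
 key: ${{ runner.os }}-konan-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}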

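--- a/.github/workflows/kotlin-multiplatform.yml
+++ b/.github/workflows/kotlin-multiplatform.yml
@@ -21,16 +21,16 @@ jobs:
 runs-on: macos-latest-xlarge
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin
 
 - name: Cached Konan
-uses: actions/cache@v4
+uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 with:
 path: ~/.konan
 key: ${{ runner.os }}-konan-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
@@ -49,16 +49,16 @@ jobs:
 runs-on: macos-latest-xlarge
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin
 
 - name: Cached Konan
-uses: actions/cache@v4
+uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 with:
 path: ~/.konan
 key: ${{ runner.os }}-konan-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
@@ -75,10 +75,10 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin
@@ -105,10 +105,10 @@ jobs:
 runs-on: macos-latest-xlarge
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin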

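--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
 with:
 app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
 private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 token: ${{ steps.token.outputs.token }}
 fetch-depth: 0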
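Review bot: The step that receives `secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY` (the `with:` block at lines 25–27) has its `uses:` line above the hunk and is not changed by this commit, so the page does not show whether that action is pinned to a full SHA. It is the most sensitive reference in this file, because it handles the app private key and mints the token used by checkout, so it is worth confirming it was pinned before this commit. Separately, checkout keeps the supplied token in the local git configuration by default. If no later step pushes through git, which is not visible here, adding `persist-credentials: false` under this step's `with:` would limit how long the app token stays on disk.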

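--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -7,9 +7,11 @@ on:
 branches:
 - main
 
+permissions: {}
+
 jobs:
 cocoa:
-uses: getsentry/github-workflows/.github/workflows/updater.yml@v2
+uses: getsentry/github-workflows/.github/workflows/updater.yml@1949ea01ec2da6139d1bcc306c372e6aea76fb72 # v2
 with:
 path: scripts/update-cocoa.sh
 name: Cocoa SDK
@@ -18,7 +20,7 @@ jobs:
 api-token: ${{ secrets.CI_DEPLOY_KEY }}
 
 java:
-uses: getsentry/github-workflows/.github/workflows/updater.yml@v2
+uses: getsentry/github-workflows/.github/workflows/updater.yml@1949ea01ec2da6139d1bcc306c372e6aea76fb72 # v2
 with:
 path: scripts/update-java.sh
 name: Java SDK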
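Review bot: The workflow-level `permissions: {}` added at new line 10 also caps the `GITHUB_TOKEN` of the `cocoa` and `java` jobs, because a called reusable workflow can keep or reduce the caller's permissions but not raise them. That is the right default if the updater does all its repository access through `api-token` (`secrets.CI_DEPLOY_KEY`), which the visible lines suggest but do not prove. A comment would record the intent for the next maintainer, e.g. `# No GITHUB_TOKEN scopes: updater.yml authenticates with api-token`. If the updater turns out to need the default token, grant only the required scopes in a job-level `permissions:` block rather than removing this line.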

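--- a/.github/workflows/upload-artifacts.yml
+++ b/.github/workflows/upload-artifacts.yml
@@ -13,10 +13,10 @@ jobs:
 runs-on: macos-latest-xlarge
 
 steps:
-- uses: actions/checkout@v6
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
 - name: JDK setup
-uses: actions/setup-java@v5
+uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: 17
 distribution: temurin
@@ -38,7 +38,7 @@ jobs:
 ./gradlew validateDistributions
 
 - name: Archive packages
-uses: actions/upload-artifact@v6
+uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
 with:
 name: ${{ github.sha }}
 if-no-files-found: error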
