Skip to content

Commit 79afd62

Browse files
committed
chore: pin github actions to shas
1 parent 6d814de commit 79afd62

21 files changed

Lines changed: 108 additions & 108 deletions

.github/actions/inspect-releaser/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737
runs-on: ubuntu-latest
3838
steps:
3939
- id: releaser
40-
uses: ipdxco/unified-github-workflows/.github/actions/inspect-releaser@main
40+
uses: ipdxco/unified-github-workflows/.github/actions/inspect-releaser@6d814de11369bb725d26e8d350ac62fe6811ff0a # main
4141
with:
4242
artifacts-url: ${{ github.event.inputs.artifacts-url || github.event.workflow_run.artifacts_url }}
4343
- if: ${{ steps.releaser.outputs.id == '' }}

.github/actions/inspect-releaser/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ runs:
3434
using: composite
3535
steps:
3636
- id: workflow-run
37-
uses: ipdxco/workflow-run-context@v1
37+
uses: ipdxco/workflow-run-context@492ea3967eb2ca7ed76b7888b42fa7649addd975 # v1
3838
with:
3939
artifacts-url: ${{ inputs.artifacts-url }}
4040
artifact-names: ${{ inputs.artifact-name }}

.github/workflows/add-label-by-query.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
QUERY: ${{ github.event.inputs.query }}
2727
LABEL: ${{ github.event.inputs.label }}
2828
DRY_RUN: ${{ github.event.inputs.dry-run }}
29-
uses: actions/github-script@v8
29+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
3030
with:
3131
result-encoding: string
3232
script: |

.github/workflows/check-3rd-party.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ jobs:
99
outputs:
1010
targets: ${{ steps.set-matrix.outputs.targets }}
1111
steps:
12-
- uses: actions/checkout@v5
12+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
1313
- id: set-matrix
1414
run: |
1515
TARGETS=$(find . -type f -name "*.yml" | sed "s|^\./||" | grep -v workflow-templates/header.yml | jq -R -s -c 'split("\n")[:-1]')
@@ -23,7 +23,7 @@ jobs:
2323
file: ${{ fromJSON(needs.matrix.outputs.targets) }}
2424
name: ${{ matrix.file }}
2525
steps:
26-
- uses: actions/checkout@v5
26+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
2727
- uses: ./.github/actions/render-templates
2828
- name: Run check
2929
env:

.github/workflows/check-yaml.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,9 @@ jobs:
1212
check-yaml:
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/checkout@v5
15+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
1616
- uses: ./.github/actions/render-templates
17-
- uses: ipdxco/validate-yaml-schema@v1
17+
- uses: ipdxco/validate-yaml-schema@9ad8180446c50787626d798c2230f80fe1d974d1 # v1
1818
with:
1919
yamlSchemasJson: |
2020
{

.github/workflows/copy-templates.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ jobs:
2323
outputs:
2424
defaults: ${{ steps.defaults.outputs.defaults }}
2525
steps:
26-
- uses: actions/checkout@v5
26+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
2727
- id: defaults
2828
name: Read defaults
2929
run: |

.github/workflows/create-prs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
env:
2323
BRANCH: ${{ github.event.inputs.branch }}
2424
DRY_RUN: ${{ github.event.inputs.dry-run }}
25-
uses: actions/github-script@v8
25+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
2626
with:
2727
github-token: ${{ secrets.UCI_GITHUB_TOKEN }}
2828
retries: 0

.github/workflows/delete-branches.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
env:
2323
BRANCH: ${{ github.event.inputs.branch }}
2424
DRY_RUN: ${{ github.event.inputs.dry-run }}
25-
uses: actions/github-script@v8
25+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
2626
with:
2727
github-token: ${{ secrets.UCI_GITHUB_TOKEN }}
2828
retries: 0

.github/workflows/dispatch.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
batches: ${{ steps.matrix.outputs.result }}
2828
steps:
2929
- id: matrix
30-
uses: actions/github-script@v8
30+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
3131
env:
3232
FILTER: ${{ inputs.filter }}
3333
with:

.github/workflows/go-check.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -52,13 +52,13 @@ jobs:
5252
- name: Create GitHub App installation token
5353
id: checkout-app
5454
if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true'
55-
uses: actions/create-github-app-token@v2
55+
uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2
5656
with:
5757
app-id: ${{ secrets.CHECKOUT_APP_ID }}
5858
private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }}
5959
owner: ${{ github.repository_owner }}
6060
- name: Check out the repository
61-
uses: actions/checkout@v5
61+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
6262
with:
6363
submodules: recursive
6464
token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN || github.token }}
@@ -77,20 +77,20 @@ jobs:
7777
fi
7878
- name: Check out the latest stable version of Go
7979
id: stable
80-
uses: actions/setup-go@v6
80+
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
8181
with:
8282
go-version: stable
8383
cache: false
8484
- name: Read the Unified GitHub Workflows configuration
8585
id: config
86-
uses: ipdxco/unified-github-workflows/.github/actions/read-config@main
86+
uses: ipdxco/unified-github-workflows/.github/actions/read-config@6d814de11369bb725d26e8d350ac62fe6811ff0a # main
8787
- name: Read the go.mod file
8888
id: go-mod
89-
uses: ipdxco/unified-github-workflows/.github/actions/read-go-mod@main
89+
uses: ipdxco/unified-github-workflows/.github/actions/read-go-mod@6d814de11369bb725d26e8d350ac62fe6811ff0a # main
9090
- name: Set up the Go version read from the go.mod file
9191
id: go
9292
if: (inputs.go-version || fromJSON(steps.go-mod.outputs.json).Go) != steps.stable.outputs.go-version || inputs.go-cache != 'false'
93-
uses: actions/setup-go@v6
93+
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
9494
with:
9595
go-version: ${{ inputs.go-version || fromJSON(steps.go-mod.outputs.json).Go }}
9696
cache: ${{ inputs.go-cache }}
@@ -170,7 +170,7 @@ jobs:
170170
go get github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$version ||
171171
go get github.com/golangci/golangci-lint/cmd/golangci-lint@$version
172172
- name: Check that go.mod is tidy
173-
uses: protocol/multiple-go-modules@v1.4
173+
uses: protocol/multiple-go-modules@ac694baecddc63fc5ba8fe8262d46659fbbf911d # v1.4
174174
with:
175175
run: |
176176
go mod tidy
@@ -189,19 +189,19 @@ jobs:
189189
fi
190190
- name: go vet
191191
if: success() || failure() # run this step even if the previous one failed
192-
uses: protocol/multiple-go-modules@v1.4
192+
uses: protocol/multiple-go-modules@ac694baecddc63fc5ba8fe8262d46659fbbf911d # v1.4
193193
with:
194194
run: go vet ./...
195195
- name: staticcheck
196196
if: success() || failure() # run this step even if the previous one failed
197-
uses: protocol/multiple-go-modules@v1.4
197+
uses: protocol/multiple-go-modules@ac694baecddc63fc5ba8fe8262d46659fbbf911d # v1.4
198198
with:
199199
run: |
200200
set -o pipefail
201201
staticcheck ./... | sed -e 's@\(.*\)\.go@./\1.go@g'
202202
- name: golangci-lint run
203203
if: (success() || failure()) && hashFiles('.golangci.yml', '.golangci.toml', '.golangci.json', '.golangci.yaml') != ''
204-
uses: protocol/multiple-go-modules@v1.4
204+
uses: protocol/multiple-go-modules@ac694baecddc63fc5ba8fe8262d46659fbbf911d # v1.4
205205
env:
206206
NEW_FROM_REV: ${{
207207
steps.github.outputs.base_sha && !(
@@ -218,7 +218,7 @@ jobs:
218218
with:
219219
run: golangci-lint run --disable govet --disable staticcheck --new=false --new-from-patch= --new-from-rev=$NEW_FROM_REV --verbose
220220
- name: go generate
221-
uses: protocol/multiple-go-modules@v1.4
221+
uses: protocol/multiple-go-modules@ac694baecddc63fc5ba8fe8262d46659fbbf911d # v1.4
222222
if: (success() || failure()) && fromJSON(steps.config.outputs.json).gogenerate == true
223223
env:
224224
IGNORE_PROTOC_VERSION_COMMENTS: ${{ inputs.go-generate-ignore-protoc-version-comments }}

0 commit comments

Comments
 (0)