Skip to content

Commit 2186a44

Browse files
joetannenbaumjoetannenbaum
authored
Merge pull request #200 from laravel/pin-github-actions
Pin GitHub Actions to commit SHAs and add Dependabot config
2 parents 467a5dc + e440fc8 commit 2186a44

6 files changed

Lines changed: 39 additions & 6 deletions

File tree

.github/dependabot.yml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
5+
schedule:
6+
interval: "weekly"
7+
groups:
8+
github-actions:
9+
patterns:
10+
- "*"
11+
- package-ecosystem: "github-actions"
12+
directory: "/"
13+
schedule:
14+
interval: "weekly"
15+
target-branch: "1.x"
16+
groups:
17+
github-actions:
18+
patterns:
19+
- "*"
20+
- package-ecosystem: "github-actions"
21+
directory: "/"
22+
schedule:
23+
interval: "weekly"
24+
target-branch: "2.x"
25+
groups:
26+
github-actions:
27+
patterns:
28+
- "*"

.github/workflows/issues.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,4 @@ permissions:
99

1010
jobs:
1111
help-wanted:
12-
uses: laravel/.github/.github/workflows/issues.yml@main
12+
uses: laravel/.github/.github/workflows/issues.yml@9c15e86fffce728fb6c50ebeae24fd63e98f4d1d # main

.github/workflows/pull-requests.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,4 @@ permissions:
99

1010
jobs:
1111
uneditable:
12-
uses: laravel/.github/.github/workflows/pull-requests.yml@main
12+
uses: laravel/.github/.github/workflows/pull-requests.yml@9c15e86fffce728fb6c50ebeae24fd63e98f4d1d # main

.github/workflows/static-analysis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@ permissions:
1212

1313
jobs:
1414
tests:
15-
uses: laravel/.github/.github/workflows/static-analysis.yml@main
15+
uses: laravel/.github/.github/workflows/static-analysis.yml@9c15e86fffce728fb6c50ebeae24fd63e98f4d1d # main

.github/workflows/tests.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
schedule:
1010
- cron: '0 0 * * *'
1111

12+
permissions:
13+
contents: read
14+
1215
jobs:
1316
tests:
1417
runs-on: ubuntu-22.04
@@ -38,10 +41,12 @@ jobs:
3841

3942
steps:
4043
- name: Checkout code
41-
uses: actions/checkout@v4
44+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
45+
with:
46+
persist-credentials: false
4247

4348
- name: Setup PHP
44-
uses: shivammathur/setup-php@v2
49+
uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
4550
with:
4651
php-version: ${{ matrix.php }}
4752
extensions: dom, curl, libxml, mbstring, zip

.github/workflows/update-changelog.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,4 @@ jobs:
1010
update:
1111
permissions:
1212
contents: write
13-
uses: laravel/.github/.github/workflows/update-changelog.yml@main
13+
uses: laravel/.github/.github/workflows/update-changelog.yml@9c15e86fffce728fb6c50ebeae24fd63e98f4d1d # main

0 commit comments

Comments
 (0)