Skip to content

Commit b5b1ec9

Browse files
authored
Pin GitHub Actions to commit SHAs (#260)
Signed-off-by: Divya Madala <divyaasm@amazon.com>
1 parent 6a3d099 commit b5b1ec9

9 files changed

Lines changed: 31 additions & 31 deletions

.github/workflows/claude-code-plugin-release.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
permissions:
1313
contents: write
1414
steps:
15-
- uses: actions/checkout@v4
15+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
1616

1717
- name: Build skill ZIP files
1818
run: |
@@ -31,7 +31,7 @@ jobs:
3131
ls -la "$DIST_DIR"
3232
3333
- name: Upload ZIPs as artifacts
34-
uses: actions/upload-artifact@v4
34+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
3535
with:
3636
name: claude-code-plugin-skills
3737
path: claude-code-observability-plugin/dist/*.zip

.github/workflows/cli-unit-tests.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,8 @@ jobs:
1212
test:
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/checkout@v4
16-
- uses: actions/setup-node@v4
15+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
16+
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
1717
with:
1818
node-version: '24'
1919
- name: Install dependencies

.github/workflows/docs-ci.yml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,10 @@ jobs:
2121

2222
steps:
2323
- name: Checkout code
24-
uses: actions/checkout@v4
24+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2525

2626
- name: Setup Node.js
27-
uses: actions/setup-node@v4
27+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
2828
with:
2929
node-version: '20'
3030
cache: 'npm'
@@ -40,13 +40,13 @@ jobs:
4040
run: npm run test:coverage
4141

4242
- name: Upload coverage reports to Codecov
43-
uses: codecov/codecov-action@v5
43+
uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
4444
with:
4545
token: ${{ secrets.CODECOV_TOKEN }}
4646

4747
- name: Upload test results
4848
if: always()
49-
uses: actions/upload-artifact@v4
49+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
5050
with:
5151
name: test-results
5252
path: docs/coverage/
@@ -58,10 +58,10 @@ jobs:
5858

5959
steps:
6060
- name: Checkout code
61-
uses: actions/checkout@v4
61+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
6262

6363
- name: Setup Node.js
64-
uses: actions/setup-node@v4
64+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
6565
with:
6666
node-version: '20'
6767
cache: 'npm'
@@ -74,7 +74,7 @@ jobs:
7474
run: npm run build
7575

7676
- name: Upload build artifacts
77-
uses: actions/upload-artifact@v4
77+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
7878
with:
7979
name: dist
8080
path: docs/dist/
@@ -86,10 +86,10 @@ jobs:
8686

8787
steps:
8888
- name: Checkout code
89-
uses: actions/checkout@v4
89+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
9090

9191
- name: Setup Node.js
92-
uses: actions/setup-node@v4
92+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
9393
with:
9494
node-version: '20'
9595
cache: 'npm'

.github/workflows/docs-deploy.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -29,17 +29,17 @@ jobs:
2929

3030
steps:
3131
- name: Checkout code
32-
uses: actions/checkout@v4
32+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3333

3434
- name: Setup Node.js
35-
uses: actions/setup-node@v4
35+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
3636
with:
3737
node-version: '20'
3838
cache: 'npm'
3939
cache-dependency-path: docs/package-lock.json
4040

4141
- name: Setup Pages
42-
uses: actions/configure-pages@v4
42+
uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4
4343

4444
- name: Install dependencies
4545
run: npm ci
@@ -61,7 +61,7 @@ jobs:
6161
cp -r starlight-docs/dist/* dist/docs/
6262
6363
- name: Upload artifact
64-
uses: actions/upload-pages-artifact@v3
64+
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
6565
with:
6666
path: ./docs/dist
6767

@@ -76,4 +76,4 @@ jobs:
7676
steps:
7777
- name: Deploy to GitHub Pages
7878
id: deployment
79-
uses: actions/deploy-pages@v4
79+
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4

.github/workflows/docs-pr-preview.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,10 @@ jobs:
2020

2121
steps:
2222
- name: Checkout code
23-
uses: actions/checkout@v4
23+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2424

2525
- name: Setup Node.js
26-
uses: actions/setup-node@v4
26+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
2727
with:
2828
node-version: '20'
2929
cache: 'npm'
@@ -41,7 +41,7 @@ jobs:
4141
- name: Comment PR
4242
if: github.event.pull_request.head.repo.full_name == github.repository
4343
continue-on-error: true
44-
uses: actions/github-script@v7
44+
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
4545
with:
4646
script: |
4747
github.rest.issues.createComment({

.github/workflows/e2e.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
runs-on: ubuntu-latest
1919
timeout-minutes: 15
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2222

2323
- name: Run E2E tests (docker compose)
2424
run: ./test/e2e.sh
@@ -31,7 +31,7 @@ jobs:
3131
runs-on: ubuntu-latest
3232
timeout-minutes: 15
3333
steps:
34-
- uses: actions/checkout@v4
34+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3535

3636
- name: Run E2E tests (install.sh)
3737
run: ./test/e2e-install.sh

.github/workflows/helm-test.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,10 @@ jobs:
1818
runs-on: ubuntu-latest
1919
timeout-minutes: 5
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2222

2323
- name: Set up Helm
24-
uses: azure/setup-helm@v4
24+
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
2525

2626
- name: Install helm-unittest plugin
2727
run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --verify=false

.github/workflows/publish-images.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,13 +32,13 @@ jobs:
3232
- name: canary
3333
context: docker-compose/canary
3434
steps:
35-
- uses: actions/checkout@v4
36-
- uses: docker/login-action@v3
35+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
36+
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
3737
with:
3838
registry: ghcr.io
3939
username: ${{ github.actor }}
4040
password: ${{ secrets.GITHUB_TOKEN }}
41-
- uses: docker/build-push-action@v6
41+
- uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
4242
with:
4343
context: ${{ matrix.context }}
4444
push: true

.github/workflows/release-drafter.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,9 @@ jobs:
1515
contents: write
1616
steps:
1717
- name: Checkout
18-
uses: actions/checkout@v6
18+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
1919

20-
- uses: actions/setup-node@v6
20+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
2121
with:
2222
node-version: '24'
2323
registry-url: 'https://registry.npmjs.org'
@@ -36,7 +36,7 @@ jobs:
3636
run: npm publish
3737

3838
- name: Release on Github
39-
uses: softprops/action-gh-release@v2
39+
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
4040
with:
4141
draft: false
4242
generate_release_notes: true

0 commit comments

Comments
 (0)