Skip to content

Commit f2de51e

Browse files
authored
SHA Pinning (#2046)
1 parent d96ffd8 commit f2de51e

6 files changed

Lines changed: 11 additions & 14 deletions

File tree

.github/workflows/auto-merge.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,6 @@ jobs:
1313

1414
runs-on: ubuntu-latest
1515
steps:
16-
- uses: actions/checkout@v5
17-
1816
- name: Enable auto-merge for Pull Request
1917
run: |
2018
gh pr review --approve "$PR_URL"

.github/workflows/ci.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,16 +19,16 @@ jobs:
1919

2020
steps:
2121
- name: Checkout
22-
uses: actions/checkout@v5
22+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2323

2424
- name: Use Node.js ${{ matrix.node-version }}
25-
uses: actions/setup-node@v5
25+
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
2626
with:
2727
node-version: ${{ matrix.node-version }}
2828
check-latest: true
2929
package-manager-cache: false
3030

31-
- uses: pnpm/action-setup@v4
31+
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
3232
name: Install pnpm
3333
with:
3434
run_install: |

.github/workflows/codeql-analysis.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,11 +41,11 @@ jobs:
4141

4242
steps:
4343
- name: Checkout repository
44-
uses: actions/checkout@v5
44+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4545

4646
# Initializes the CodeQL tools for scanning.
4747
- name: Initialize CodeQL
48-
uses: github/codeql-action/init@v3
48+
uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
4949
with:
5050
languages: ${{ matrix.language }}
5151
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
5656
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5757
# If this step fails, then you should remove it and run the build manually (see below)
5858
- name: Autobuild
59-
uses: github/codeql-action/autobuild@v3
59+
uses: github/codeql-action/autobuild@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
6060

6161
# ℹ️ Command-line programs to run using the OS shell.
6262
# 📚 https://git.io/JvXDl
@@ -70,4 +70,4 @@ jobs:
7070
# make release
7171

7272
- name: Perform CodeQL Analysis
73-
uses: github/codeql-action/analyze@v3
73+
uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4

.github/workflows/dependency-review.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,9 +29,9 @@ jobs:
2929
runs-on: ubuntu-latest
3030
steps:
3131
- name: 'Checkout repository'
32-
uses: actions/checkout@v5
32+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
3333
- name: 'Dependency Review'
34-
uses: actions/dependency-review-action@v4
34+
uses: actions/dependency-review-action@31c9f175b9cbbdee66d6ab34ed35e2c827f8be10 # v4.7.4
3535
# Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
3636
with:
3737
comment-summary-in-pr: always

.github/workflows/release.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@ name: Automatic release
22
on:
33
pull_request:
44
branches:
5-
- master
65
- main
76
types:
87
- closed
@@ -27,7 +26,7 @@ jobs:
2726
persist-credentials: false
2827

2928
- name: Setup Node
30-
uses: actions/setup-node@v5
29+
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
3130
with:
3231
node-version: 'lts/*'
3332
registry-url: 'https://registry.npmjs.org'

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,6 @@ jobs:
7474
# Upload the results to GitHub's code scanning dashboard (optional).
7575
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
7676
- name: "Upload to code-scanning"
77-
uses: github/codeql-action/upload-sarif@v3
77+
uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
7878
with:
7979
sarif_file: results.sarif

0 commit comments

Comments
 (0)