Skip to content

Commit 19b4057

Browse files
authored
Pin GitHub action references (#4817)
## Summary - Pin all GitHub action references to their commit SHAs - Each SHA maps to the current tag for the action at the time of pinning
1 parent e936087 commit 19b4057

File tree

3 files changed

+7
-7
lines changed

3 files changed

+7
-7
lines changed

.github/workflows/push.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -422,7 +422,7 @@ jobs:
422422
# Use Checks API (not Statuses API) to match the required "Integration Tests" check.
423423
- name: Skip integration tests (pull request)
424424
if: ${{ github.event_name == 'pull_request' && !contains(fromJSON(needs.testmask.outputs.targets), 'test') && !contains(fromJSON(needs.testmask.outputs.targets), 'test-exp-ssh') }}
425-
uses: actions/github-script@v8
425+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
426426
with:
427427
github-token: ${{ steps.generate-check-token.outputs.token }}
428428
script: |
@@ -443,7 +443,7 @@ jobs:
443443
# Use Checks API (not Statuses API) to match the required "Integration Tests" check.
444444
- name: Auto-approve for merge group
445445
if: ${{ github.event_name == 'merge_group' }}
446-
uses: actions/github-script@v8
446+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
447447
with:
448448
github-token: ${{ steps.generate-check-token.outputs.token }}
449449
script: |
@@ -487,7 +487,7 @@ jobs:
487487

488488
steps:
489489
- name: Skip integration tests
490-
uses: actions/github-script@v8
490+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
491491
with:
492492
script: |-
493493
await github.rest.checks.create({

.github/workflows/release.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -115,7 +115,7 @@ jobs:
115115
AZURE_CLIENT_SECRET: ${{ secrets.DECO_SIGN_AZURE_CLIENT_SECRET }}
116116

117117
- name: Upload Windows artifacts to GitHub Actions
118-
uses: actions/upload-artifact@v7
118+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
119119
with:
120120
name: windows-artifacts
121121
path: |
@@ -135,7 +135,7 @@ jobs:
135135

136136
steps:
137137
- name: Download Windows artifacts
138-
uses: actions/download-artifact@v8
138+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
139139
with:
140140
name: windows-artifacts
141141
path: dist

.github/workflows/tagging.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,13 +34,13 @@ jobs:
3434
steps:
3535
- name: Generate GitHub App Token
3636
id: generate-token
37-
uses: actions/create-github-app-token@v3
37+
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
3838
with:
3939
app-id: ${{ secrets.DECO_SDK_TAGGING_APP_ID }}
4040
private-key: ${{ secrets.DECO_SDK_TAGGING_PRIVATE_KEY }}
4141

4242
- name: Checkout repository
43-
uses: actions/checkout@v6.0.2
43+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4444
with:
4545
fetch-depth: 0
4646
token: ${{ steps.generate-token.outputs.token }}

0 commit comments

Comments
 (0)