From 4313764cc3e8ecf7c6088e429796eba4d4f5f258 Mon Sep 17 00:00:00 2001 From: Zack Koppert Date: Tue, 11 Jun 2024 16:23:27 -0700 Subject: [PATCH] chore: Pin actions to SHAs for security and reproducibility Signed-off-by: Zack Koppert --- .github/workflows/auto-labeler.yml | 2 +- .github/workflows/build.yml | 2 +- .github/workflows/docker-build.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/tests.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 99b7358..435e914 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -17,7 +17,7 @@ jobs: name: Auto label pull requests runs-on: ubuntu-latest steps: - - uses: release-drafter/release-drafter@v6 + - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # pin@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 098c047..31ba126 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4 - name: Install Dependencies run: npm install diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index c28abc1..b79e2ac 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4 - name: Build Docker image run: docker build -t internal-contribution-forks . diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5c92b7a..33ea1e0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4 - name: Install Dependencies run: npm install diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index b126904..6992b88 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -20,7 +20,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # pin@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7266fe4..b981e30 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,7 +29,7 @@ jobs: contents: write pull-requests: read steps: - - uses: release-drafter/release-drafter@v6 + - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # pin@v6 id: release-drafter env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 7c53f37..8f0c990 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4 - name: Install Dependencies run: npm install