Skip to content

Commit df8004d

Browse files
milesarmstrongmilesarmstrong
authored
Merge pull request #1143 from duffelhq/miles/pin-actions
Pin GitHub Actions to commit SHAs at latest versions
2 parents e0ad604 + cfda006 commit df8004d

3 files changed

Lines changed: 15 additions & 15 deletions

File tree

.github/workflows/autoapprove.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
auto-approve:
77
runs-on: ubuntu-latest
88
steps:
9-
- uses: hmarr/auto-approve-action@v2
9+
- uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
1010
if: github.actor == 'duffel-bot'
1111
with:
1212
github-token: '${{ secrets.GITHUB_TOKEN }}'

.github/workflows/ci.yml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -17,10 +17,10 @@ jobs:
1717
runs-on: ubuntu-latest
1818
steps:
1919
- name: Check out repository
20-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
20+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121

2222
- name: Set up Node.js
23-
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
23+
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
2424
with:
2525
node-version-file: .tool-versions
2626

@@ -32,7 +32,7 @@ jobs:
3232
run: echo "dir=$(corepack yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
3333

3434
- name: Cache Yarn packages
35-
uses: actions/cache@v4
35+
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
3636
with:
3737
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
3838
key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
@@ -53,10 +53,10 @@ jobs:
5353
runs-on: ubuntu-latest
5454
steps:
5555
- name: Check out repository
56-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
56+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5757

5858
- name: Set up Node.js
59-
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
59+
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
6060
with:
6161
node-version-file: .tool-versions
6262

@@ -68,7 +68,7 @@ jobs:
6868
run: echo "dir=$(corepack yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
6969

7070
- name: Cache Yarn packages
71-
uses: actions/cache@v4
71+
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
7272
with:
7373
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
7474
key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
@@ -86,12 +86,12 @@ jobs:
8686
runs-on: ubuntu-latest
8787
steps:
8888
- name: Check out repository
89-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
89+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
9090
with:
9191
fetch-depth: 0
9292

9393
- name: Set up Node.js
94-
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
94+
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
9595
with:
9696
node-version-file: .tool-versions
9797

@@ -103,7 +103,7 @@ jobs:
103103
run: echo "dir=$(corepack yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
104104

105105
- name: Cache Yarn packages
106-
uses: actions/cache@v4
106+
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
107107
with:
108108
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
109109
key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}

.github/workflows/release.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,12 @@ jobs:
88
runs-on: ubuntu-latest
99
steps:
1010
- name: Checkout
11-
uses: actions/checkout@v4
11+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1212
with:
1313
fetch-depth: 0
1414

1515
- name: Setup Node.js
16-
uses: actions/setup-node@v4
16+
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
1717
with:
1818
node-version-file: .tool-versions
1919

@@ -24,7 +24,7 @@ jobs:
2424
id: yarn-cache-dir-path
2525
run: echo "dir=$(corepack yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
2626

27-
- uses: actions/cache@v4
27+
- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
2828
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
2929
with:
3030
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -66,7 +66,7 @@ jobs:
6666
- name: Create Pull Request with updated package files
6767
id: cpr
6868
if: steps.initversion.outputs.version != steps.extractver.outputs.extractver
69-
uses: peter-evans/create-pull-request@v5.0.3
69+
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
7070
with:
7171
token: ${{ secrets.PAT }}
7272
commit-message: 'ci(release): ${{ steps.extractver.outputs.extractver }}'
@@ -85,7 +85,7 @@ jobs:
8585
8686
- name: Enable Pull Request Automerge
8787
if: steps.cpr.outputs.pull-request-operation == 'created'
88-
uses: peter-evans/enable-pull-request-automerge@v3
88+
uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3.0.0
8989
with:
9090
token: ${{ secrets.PAT }}
9191
pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}

0 commit comments

Comments
 (0)