diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f476de6..32a927c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,13 +16,13 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Full history for accurate SonarQube blame/new-code detection fetch-depth: 0 # Installs the tool versions pinned in mise.toml (bun, node) - - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + - uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 - name: Install dependencies run: bun install --frozen-lockfile @@ -40,7 +40,7 @@ jobs: run: bun run build - name: Upload coverage to Codecov - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 + uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 with: files: coverage/lcov.info token: ${{ secrets.CODECOV_TOKEN }} @@ -50,6 +50,6 @@ jobs: # Skipped until the SONAR_TOKEN secret is configured # (secrets aren't readable in step `if`, so check via env) if: ${{ env.SONAR_TOKEN != '' }} - uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 + uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v8.2.0 env: SONAR_HOST_URL: https://sonarcloud.io diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 895bc79..7eda555 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -27,10 +27,10 @@ jobs: run: working-directory: website steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + - uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 - run: bun install --frozen-lockfile - run: bun scripts/sync-services.ts - name: Check generated service pages are up to date @@ -57,7 +57,7 @@ jobs: command: pages deploy dist --project-name=emulate-docs --branch=${{ github.head_ref || github.ref_name }} - name: Comment preview URL on PR if: github.event_name == 'pull_request' && steps.deploy.outcome == 'success' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: DEPLOYMENT_URL: ${{ steps.deploy.outputs.deployment-url }} ALIAS_URL: ${{ steps.deploy.outputs.pages-deployment-alias-url }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f474641..833c33a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -40,11 +40,11 @@ jobs: # generates a provenance attestation automatically on trusted publishes. id-token: write steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Installs the tool versions pinned in mise.toml (bun + node, which # provides the npm CLI used to publish). - - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + - uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 - name: Install dependencies run: bun install --frozen-lockfile