From eb14742dfc64455db43622e06a0cfdc7e996e833 Mon Sep 17 00:00:00 2001 From: Jaco Date: Fri, 26 Aug 2022 16:56:53 +0200 Subject: [PATCH] Pin Github actions (#678) --- .github/workflows/auto-approve.yml | 2 +- .github/workflows/auto-merge.yml | 2 +- .github/workflows/lock.yml | 2 +- .github/workflows/pr-any.yml | 2 +- .github/workflows/push-master.yml | 2 +- .github/workflows/semgrep.yml | 4 ++-- .github/workflows/stale.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index c6319d36..35934d5e 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -9,7 +9,7 @@ jobs: if: "! startsWith(github.event.head_commit.message, '[CI Skip]') && (!github.event.pull_request || github.event.pull_request.head.repo.full_name == github.repository)" runs-on: ubuntu-latest steps: - - uses: jacogr/action-approve@master + - uses: jacogr/action-approve@9d6ce78d26f23ad29d009d034822cf773f2cb50e with: authors: jacogr labels: -auto diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index 0d4e8065..afd055c9 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -8,7 +8,7 @@ jobs: merge: runs-on: ubuntu-latest steps: - - uses: jacogr/action-merge@master + - uses: jacogr/action-merge@3b4b49af8a8644bf5cbb5409ee236abe04eeb1b0 with: checks: build,lint,test labels: -auto diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 433f3e9f..4d94d035 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -10,7 +10,7 @@ jobs: env: YARN_ENABLE_SCRIPTS: false steps: - - uses: dessant/lock-threads@v2 + - uses: dessant/lock-threads@f1a42f0f44eb83361d617a014663e1a76cf282d2 with: github-token: ${{ secrets.GH_PAT_BOT }} issue-lock-inactive-days: '7' diff --git a/.github/workflows/pr-any.yml b/.github/workflows/pr-any.yml index ca6d9094..51558f52 100644 --- a/.github/workflows/pr-any.yml +++ b/.github/workflows/pr-any.yml @@ -11,7 +11,7 @@ jobs: env: YARN_ENABLE_SCRIPTS: false steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e - name: ${{ matrix.step }} run: | yarn install --immutable | grep -v 'YN0013' diff --git a/.github/workflows/push-master.yml b/.github/workflows/push-master.yml index 660708d6..c14685c9 100644 --- a/.github/workflows/push-master.yml +++ b/.github/workflows/push-master.yml @@ -19,7 +19,7 @@ jobs: GH_RELEASE_GITHUB_API_TOKEN: ${{ secrets.GH_PAT }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e with: fetch-depth: 0 token: ${{ secrets.GH_PAT }} diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index d2339ac3..52b4c7f6 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -12,8 +12,8 @@ jobs: env: YARN_ENABLE_SCRIPTS: false steps: - - uses: actions/checkout@v2 - - uses: returntocorp/semgrep-action@v1 + - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e + - uses: returntocorp/semgrep-action@aeafd770072c4f48798b991e3449592bddc2c435 with: auditOn: push publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 9dbe22ee..13f50395 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -9,7 +9,7 @@ jobs: env: YARN_ENABLE_SCRIPTS: false steps: - - uses: actions/stale@v3 + - uses: actions/stale@98ed4cb500039dbcccf4bd9bedada4d0187f2757 with: repo-token: ${{ secrets.GH_PAT_BOT }} stale-issue-message: 'This issue has been open for 21 days with no activity and is not labelled as an enhancement. It will be closed in 7 days.'