pin github actions

2025-12-16 22:49:42 +00:00 · 2025-12-15 13:18:01 +02:00 · 2025-12-15 13:18:01 +02:00 · 4609de231d
commit 4609de231d
parent 37930b1c2a
6 changed files with 15 additions and 15 deletions
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@ -18,10 +18,10 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

      - name: Setup Node 24
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 24.x
          cache: 'npm'
@ -42,7 +42,7 @@ jobs:
        id: diff

      # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
        with:
          name: dist
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -20,11 +20,11 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
      # Override language selection by uncommenting this and choosing your languages
      # with:
      #   languages: go, javascript, csharp, python, cpp, java
@ -32,7 +32,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@ -46,4 +46,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest
    name: Check licenses
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
      - run: npm ci
      - name: Install licensed
        run: |
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
      - name: Publish
        id: publish
-        uses: actions/publish-immutable-action@0.0.3
+        uses: actions/publish-immutable-action@4b1aa5c1cde5fedc80d52746c9546cb5560e5f53 # v0.0.3
--- a/.github/workflows/release-new-action-version.yml
+++ b/.github/workflows/release-new-action-version.yml
@ -21,7 +21,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Update the ${{ env.TAG_NAME }} tag
-      uses: actions/publish-action@v0.3.0
+      uses: actions/publish-action@f784495ce78a41bac4ed7e34a73f0034015764bb # v0.3.0
      with:
        source-tag: ${{ env.TAG_NAME }}
        slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -20,10 +20,10 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

    - name: Setup Node 24
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: 24.x
        cache: 'npm'
@ -51,13 +51,13 @@ jobs:
        echo "Hello world from file B" > path/to/artifact-B/file-B.txt

    - name: Upload artifact A
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: Artifact-A-${{ matrix.runs-on }}
        path: path/to/artifact-A

    - name: Upload artifact B
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: Artifact-B-${{ matrix.runs-on }}
        path: path/to/artifact-B