From 141391a06d99db08caf5e4bda923c88bc2e20f95 Mon Sep 17 00:00:00 2001
From: Overcooked Panda
Date: Tue, 29 Jul 2025 19:51:39 -0500
Subject: [PATCH] chore(ci): pin all actions to hash, comment w/ver & rel link
Signed-off-by: Overcooked Panda
---
 .github/workflows/conventional-commits.yml | 4 ++--
 .github/workflows/go-test.yml | 4 ++--
 .github/workflows/golangci-lint.yml | 6 +++---
 .github/workflows/publish.yml | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
index 4479f160..bf4d013b 100644
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -13,5 +13,5 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@v4
- - uses: webiny/action-conventional-commits@v1.3.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
+ - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0 https://github.com/webiny/action-conventional-commits/releases/tag/v1.3.0
diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
index ce4c4a7c..9c4b25eb 100644
--- a/.github/workflows/go-test.yml
+++ b/.github/workflows/go-test.yml
@@ -21,10 +21,10 @@ jobs:
 platform: [ubuntu-latest]
 runs-on: ${{ matrix.platform }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
 with:
 submodules: true
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 https://github.com/actions/setup-go/releases/tag/v5.5.0
 with:
 go-version: ${{ matrix.go-version }}
 - name: go-test
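Review bot: The release links in the new trailing comments point at `github.com`, not `github.com`, on both added lines of the conventional-commits.yml hunk and on every other pinned `uses:` line in go-test.yml, golangci-lint.yml and publish.yml. That link is what a maintainer follows to check that the hash matches the tag, so it should resolve to the forge that actually hosts the action. If this host is what was committed rather than an artefact of how the page was fetched, I would write the comment as `# v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2` and likewise for the other actions.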
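Review bot: Nothing in this patch keeps the new pins current: once `actions/checkout` and `actions/setup-go` in the go-test.yml hunk (and the actions in the other hunks) are fixed to a hash, an upstream security fix no longer arrives on its own. A `github-actions` entry in `.github/dependabot.yml`, or the equivalent Renovate rule, would move the hashes forward; such a file may already exist outside this patch. The release URL repeats the version, so after an automated bump it could be left pointing at the old tag. I have not confirmed how the update tooling treats text after the version, and a comment of just `# v4.2.2` avoids the question.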
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index aaa73f76..98243626 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -15,9 +15,9 @@ jobs:
 name: lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-go@v5
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
+ - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 https://github.com/actions/setup-go/releases/tag/v5.5.0
 with:
 go-version: 1.24.x
 - name: golangci-lint
- uses: golangci/golangci-lint-action@v8
+ uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 https://github.com/golangci/golangci-lint-action/releases/tag/v8.0.0
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 37fd8117..ee880a3f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,7 +16,7 @@ jobs:
 RELEASE_ID: ${{ steps.create-release.outputs.result }}
 steps:
 - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
- - uses: actions/github-script@v7
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/releases/tag/v7.0.1
 id: create-release
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -39,4 +39,4 @@ jobs:
 # This updates the documentation on pkg.go.dev and the latest version available via the Go module proxy
 - name: Pull new module version
- uses: andrewslotin/go-proxy-pull-action@v1.3.0
+ uses: andrewslotin/go-proxy-pull-action@0ef95ea50ab6c03f2f095a5102bbdecad8fd7602 # v1.3.0 https://github.com/andrewslotin/go-proxy-pull-action/releases/tag/v1.3.0
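Review bot: The patch does not record how each hash was matched to its tag, which matters most in publish.yml: the `actions/github-script` step in the first hunk is handed `secrets.GITHUB_TOKEN`, and the last hunk pins the third-party `andrewslotin/go-proxy-pull-action` in the same workflow file. A full-length SHA can resolve through a repository's fork network, so the check that counts is that the commit is the one the upstream tag points to. I would add a line to the commit description such as `Hashes resolved from the upstream release tags with git ls-remote --tags`, if that is how they were obtained. The job's `permissions:` block is outside these hunks, so the scope of that token cannot be judged from here.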