From eab3111bb0547773867e7872c86052ad426c503b Mon Sep 17 00:00:00 2001 From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com> Date: Fri, 13 Jun 2025 09:17:02 +0100 Subject: [PATCH] ci: pin GH actions --- .github/workflows/Prerelease.yml | 14 +++++++------- .github/workflows/PullRequest.yml | 4 ++-- .github/workflows/Release.yml | 14 +++++++------- .github/workflows/pr-labeler.yml | 2 +- .github/workflows/pr-title-check.yml | 2 +- .github/workflows/super-linter.yml | 6 +++--- .github/workflows/wiki-sync.yml | 4 ++-- 7 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/Prerelease.yml b/.github/workflows/Prerelease.yml index 7f4ce18f..c8122737 100644 --- a/.github/workflows/Prerelease.yml +++ b/.github/workflows/Prerelease.yml @@ -22,7 +22,7 @@ jobs: steps: # Drafts your next Release notes as Pull Requests are merged into "master" - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Display the path @@ -38,18 +38,18 @@ jobs: shell: pwsh run: Invoke-Build -File .\src\ALZ.build.ps1 - name: Upload pester results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: pester-results path: .\src\Artifacts\testOutput if-no-files-found: warn - name: Upload zip module archive build - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: zip-archive path: .\src\Archive if-no-files-found: warn - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0 id: create_release with: config-name: prerelease-drafter.yml @@ -60,10 +60,10 @@ jobs: run: | $tag_version = "${{ steps.create_release.outputs.tag_name }}".Replace("-alpha", "") ./package_ALZ.ps1 -version $tag_version -prerelease alpha - - uses: montudor/action-zip@v1 + - uses: montudor/action-zip@a8e75c9faefcd80fac3baf53ef40b9b119d5b702 # v1 with: args: zip -qq -r ALZ.zip ALZ - - uses: actions/upload-release-asset@v1.0.1 + - uses: actions/upload-release-asset@64e5e85fc528f162d7ba7ce2d15a3bb67efb3d80 # v1.0.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -71,7 +71,7 @@ jobs: asset_path: ./ALZ.zip asset_name: ALZ.zip asset_content_type: application/zip - - uses: eregon/publish-release@v1 + - uses: eregon/publish-release@01df127f5e9a3c26935118e22e738d95b59d10ce # v1.0.6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/PullRequest.yml b/.github/workflows/PullRequest.yml index e1b0750e..0ff09c57 100644 --- a/.github/workflows/PullRequest.yml +++ b/.github/workflows/PullRequest.yml @@ -16,7 +16,7 @@ jobs: pwsh: ['7.1.3', '7.5.0'] steps: - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Display the path @@ -32,7 +32,7 @@ jobs: shell: pwsh run: Invoke-Build -File .\src\ALZ.build.ps1 - name: Upload pester results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: pester-results path: .\src\Artifacts\testOutput diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index 27ac8cfc..566cd93c 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -19,7 +19,7 @@ jobs: steps: # Drafts your next Release notes as Pull Requests are merged into "master" - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Display the path @@ -35,18 +35,18 @@ jobs: shell: pwsh run: Invoke-Build -File .\src\ALZ.build.ps1 - name: Upload pester results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: pester-results path: .\src\Artifacts\testOutput if-no-files-found: warn - name: Upload zip module archive build - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: zip-archive path: .\src\Archive if-no-files-found: warn - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0 id: create_release with: config-name: release-drafter.yml @@ -56,10 +56,10 @@ jobs: shell: pwsh run: | ./package_ALZ.ps1 -version ${{ steps.create_release.outputs.tag_name }} - - uses: montudor/action-zip@v1 + - uses: montudor/action-zip@a8e75c9faefcd80fac3baf53ef40b9b119d5b702 # v1 with: args: zip -qq -r ALZ.zip ALZ - - uses: actions/upload-release-asset@v1.0.1 + - uses: actions/upload-release-asset@64e5e85fc528f162d7ba7ce2d15a3bb67efb3d80 # v1.0.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -67,7 +67,7 @@ jobs: asset_path: ./ALZ.zip asset_name: ALZ.zip asset_content_type: application/zip - - uses: eregon/publish-release@v1 + - uses: eregon/publish-release@01df127f5e9a3c26935118e22e738d95b59d10ce # v1.0.6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index f24703b6..1b2b2652 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -13,4 +13,4 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 8653fa4e..5331fba5 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -12,6 +12,6 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 49517b30..42219cc8 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -15,14 +15,14 @@ jobs: name: super linter runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: latest terraform_wrapper: false - name: Run github/super-linter/slim - uses: github/super-linter/slim@v5 + uses: github/super-linter/slim@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0 env: # Lint all code VALIDATE_ALL_CODEBASE: true diff --git a/.github/workflows/wiki-sync.yml b/.github/workflows/wiki-sync.yml index bd0a4c0a..e8ea85ed 100644 --- a/.github/workflows/wiki-sync.yml +++ b/.github/workflows/wiki-sync.yml @@ -25,13 +25,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source Repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: repository: ${{ env.wiki_source_repo }} path: ${{ env.wiki_source_repo }} - name: Checkout Wiki Repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: repository: ${{ env.wiki_target_repo }} path: ${{ env.wiki_target_repo }}