Pinning Action Dependencies for Security and Reliability (#167)

* Pinning Dependencies * actionx/prettier sha
2025-07-15 10:10:42 +00:00 · 2025-02-28 13:28:29 -08:00
parent 0e8654bb94
commit 5976fc8a1b
6 changed files with 8 additions and 8 deletions
--- a/.github/workflows/defaultLabels.yml
+++ b/.github/workflows/defaultLabels.yml
@ -13,7 +13,7 @@ jobs:
      # Steps represent a sequence of tasks that will be executed as part of the job
      steps:
-         - uses: actions/stale@v9
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
           name: Setting issue as idle
           with:
              repo-token: ${{ secrets.GITHUB_TOKEN }}
@ -24,7 +24,7 @@ jobs:
              operations-per-run: 100
              exempt-issue-labels: 'backlog'
-         - uses: actions/stale@v9
+         - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
           name: Setting PR as idle
           with:
              repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@ -15,7 +15,7 @@ jobs:
         PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
      steps:
         - name: Check out repository
-           uses: actions/checkout@v4
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         - name: npm install and build
           id: action-npm-build
           run: |
--- a/.github/workflows/prettify-code.yml
+++ b/.github/workflows/prettify-code.yml
@ -10,9 +10,9 @@ jobs:
      runs-on: ubuntu-latest
      steps:
         - name: Checkout Repository
-           uses: actions/checkout@v4
+           uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         - name: Enforce Prettier
-           uses: actionsx/prettier@v3
+           uses: actionsx/prettier@3d9f7c3fa44c9cb819e68292a328d7f4384be206 # v3
           with:
              args: --check .
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@ -13,6 +13,6 @@ jobs:
      permissions:
         actions: read
         contents: write
-      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@v1
+      uses: Azure/action-release-workflows/.github/workflows/release_js_project.yaml@6f9de5deea0d6655168c8dd26e8849698f9a3809 # v1.0.2
      with:
         changelogPath: ./CHANGELOG.md
--- a/.github/workflows/tag-and-draft.yml
+++ b/.github/workflows/tag-and-draft.yml
@ -7,4 +7,4 @@ on:
 jobs:
   tag-and-release:
-      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@main
+      uses: OliverMKing/javascript-release-workflow/.github/workflows/tag-and-release.yml@c753e1545b144562237cd1177a95bab21a785cff # main
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@ -13,7 +13,7 @@ jobs:
   build: # make sure build/ci works properly
      runs-on: ubuntu-latest
      steps:
-         - uses: actions/checkout@v4
+         - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         - name: Run L0 tests.
           run: |