diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index ec33b3f..50c9653 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -21,10 +21,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.7 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set Node.js 20.x - uses: actions/setup-node@v4.0.3 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 with: node-version: 20.x @@ -46,7 +46,7 @@ jobs: id: diff # If index.js was different than expected, upload the expected version as an artifact - - uses: actions/upload-artifact@v4.3.6 + - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 if: ${{ failure() && steps.diff.conclusion == 'failure' }} with: name: dist diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6fcd7a2..0543aa8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index f539ad7..ffeaf34 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -19,9 +19,9 @@ jobs: steps: - name: Fetch Dependabot metadata id: dependabot-metadata - uses: dependabot/fetch-metadata@v2.2.0 + uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0 - - uses: actions/checkout@v4.1.7 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' }} with: ref: ${{ github.head_ref }} @@ -29,7 +29,7 @@ jobs: - name: Set up Node.js 20.x if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' }} - uses: actions/setup-node@v4.0.3 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 with: node-version: 20.x @@ -46,6 +46,6 @@ jobs: - name: Commit changes if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' }} id: commit - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_message: 'Update dist/ after build' diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 2edb9fc..65fefaf 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: actions/labeler@v5.0.0 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: '${{ secrets.GITHUB_TOKEN }}' sync-labels: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7fdfada..961de48 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,10 +13,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Create/Update Draft - uses: lucacome/draft-release@v1.1.1 + uses: lucacome/draft-release@5d29432a46bff6c122cd4b07a1fb94e1bb158d34 # v1.1.1 with: minor-label: 'enhancement' major-label: 'change' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 22f1ca3..475fc40 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: build: # make sure build/ci work properly runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.7 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - run: | npm install - run: |