From 9d0277c4f7c4c8a6ebe323384e43ce9eea504265 Mon Sep 17 00:00:00 2001
From: William Murphy
Date: Mon, 20 Nov 2023 10:54:00 -0500
Subject: [PATCH] chore: pin and upgrade gh actions (#429)
* chore: pin peter-evans/create-or-update-comment
Signed-off-by: Will Murphy
* chore: update and pin GH actions
Signed-off-by: Will Murphy
---------
Signed-off-by: Will Murphy
---
 .github/workflows/release-draft.yml | 2 +-
 .github/workflows/release-tag.yml | 2 +-
 .github/workflows/update-snapshots.yml | 8 ++++----
 .github/workflows/update-syft-release.yml | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
index 09aa893d..b94c8a4c 100644
--- a/.github/workflows/release-draft.yml
+++ b/.github/workflows/release-draft.yml
@@ -10,6 +10,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Draft release notes
- uses: release-drafter/release-drafter@v5
+ uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
 env:
 GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index ee1f5a84..c7e3a747 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -8,7 +8,7 @@ jobs:
 actions-tagger:
 runs-on: ubuntu-latest
 steps:
- - uses: Actions-R-Us/actions-tagger@v2
+ - uses: Actions-R-Us/actions-tagger@330ddfac760021349fef7ff62b372f2f691c20fb # v2.0.3
 env:
 GITHUB_TOKEN: ${{ github.token }}
 with:
diff --git a/.github/workflows/update-snapshots.yml b/.github/workflows/update-snapshots.yml
index 5527a6dc..b3ce5dae 100644
--- a/.github/workflows/update-snapshots.yml
+++ b/.github/workflows/update-snapshots.yml
@@ -12,7 +12,7 @@ jobs:
 ports:
 - 5000:5000
 steps:
- - uses: actions/github-script@v3
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
 id: get-pr
 with:
 script: |
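Review bot: The trailing `# v5.25.0` comment on the new `uses:` line in release-draft.yml is the only thing tying the 40-character SHA to a release, and nothing in the patch shows that link being checked. GitHub resolves a commit SHA across a repository's fork network, so each pinned SHA should be confirmed to be the commit the named tag points to in the upstream repository, for instance by comparing against `git ls-remote --tags <upstream-repo-url>`. The same check applies to the pins in release-tag.yml, update-snapshots.yml and update-syft-release.yml. Full-SHA pins also stop picking up fixes on their own, so I would expect an update-bot configuration (not visible in this patch) that bumps the SHA and the version comment together.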
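Review bot: The `actions/github-script` pin in update-snapshots.yml moves the `get-pr` step from v3 to v7.0.1, crossing several breaking releases, while the inline `script:` body lies outside the hunk and is not touched. From v5 onwards the REST methods live under `github.rest`, so a v3-style call such as `github.pulls.get(...)` would have to become `github.rest.pulls.get(...)`; the visible lines do not show which form the script uses. The following hunk shows the script reporting errors through `core.setFailed`, so a broken call should fail the job rather than pass silently, but the comment-triggered workflow is worth exercising once before this is relied on.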
@@ -29,13 +29,13 @@ jobs:
 core.setFailed(`Request failed with error ${err}`)
 }
 - name: Generate token
- uses: tibdex/github-app-token@v1
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
 id: generate-token
 with:
 app_id: ${{ secrets.TOKEN_APP_ID }}
 private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
 - name: Add seen reaction
- uses: peter-evans/create-or-update-comment@v3
+ uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
 with:
 comment-id: ${{ github.event.comment.id }}
 reactions: eyes
@@ -64,7 +64,7 @@ jobs:
 git commit -s -am "chore(test): update snapshots"
 git push
 - name: Add success reaction
- uses: peter-evans/create-or-update-comment@v3
+ uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
 with:
 comment-id: ${{ github.event.comment.id }}
 reactions: "+1"
diff --git a/.github/workflows/update-syft-release.yml b/.github/workflows/update-syft-release.yml
index 060460cc..d3c62e20 100644
--- a/.github/workflows/update-syft-release.yml
+++ b/.github/workflows/update-syft-release.yml
@@ -24,12 +24,12 @@ jobs:
 npm install
 # export the version for use with create-pull-request:
 echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_OUTPUT
- - uses: tibdex/github-app-token@v1
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
 id: generate-token
 with:
 app_id: ${{ secrets.TOKEN_APP_ID }}
 private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
- - uses: peter-evans/create-pull-request@v4
+ - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
 with:
 signoff: true
 delete-branch: true
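Review bot: The `Generate token` step in update-snapshots.yml, and the matching `generate-token` step in update-syft-release.yml, still passes only `app_id` and `private_key`, so the minted installation token carries every permission the app installation has. The workflow reads `github.event.comment.id` and a later step runs `git push`, so it looks comment-triggered and write-capable. That makes it worth narrowing the token while this line is being changed: the action accepts a JSON `permissions` input, e.g. `permissions: >-` followed by `{"contents": "write", "pull_requests": "write"}`, trimmed to what the later steps need. v1 to v2.1.0 is also a major bump; as far as I know the two inputs used here are unchanged, but v2 revokes the token in a post-job step by default, which is only a problem if something outside the job reuses it.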
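Review bot: The `peter-evans/create-pull-request` pin at the end of update-syft-release.yml goes from v4 to v5.0.2, a major version whose behaviour changes the commit message does not mention. As I recall the v5 upgrade notes, the action no longer leaves the working tree on the pull-request branch when it finishes; it restores the ref that was checked out before it ran. The `with:` block runs past the end of the hunk, so I cannot see whether a later step relies on the old behaviour; if one does, it needs an explicit `git checkout` of that branch.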