From ff8939950698e616f2fa08adbc790e487e8c30a7 Mon Sep 17 00:00:00 2001 From: Gabriela Gutierrez Date: Fri, 20 Jan 2023 14:05:43 +0000 Subject: [PATCH] tools: use actions pinned by commit hash in coverage-linux Signed-off-by: Gabriela Gutierrez PR-URL: https://github.com/nodejs/node/pull/46294 Reviewed-By: Michael Dawson Reviewed-By: Rafael Gonzaga Reviewed-By: Richard Lau Reviewed-By: Tierney Cyren --- .github/dependabot.yml | 9 +++++++++ .github/workflows/coverage-linux.yml | 6 +++--- 2 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000000000..27cdab2e7c3cad --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +# Set update schedule for GitHub Actions + +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly + open-pull-requests-limit: 10 diff --git a/.github/workflows/coverage-linux.yml b/.github/workflows/coverage-linux.yml index 00aa1c8f9d23a4..6e95c17fc1b94e 100644 --- a/.github/workflows/coverage-linux.yml +++ b/.github/workflows/coverage-linux.yml @@ -37,11 +37,11 @@ jobs: if: github.event.pull_request.draft == false runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: persist-credentials: false - name: Set up Python ${{ env.PYTHON_VERSION }} - uses: actions/setup-python@v4 + uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0 with: python-version: ${{ env.PYTHON_VERSION }} - name: Environment Information @@ -64,6 +64,6 @@ jobs: - name: Clean tmp run: rm -rf coverage/tmp && rm -rf out - name: Upload - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1 with: directory: ./coverage