From 68baa735c77b9541272bedb6c304837c05e1b476 Mon Sep 17 00:00:00 2001 From: Pavel Zwerschke Date: Tue, 1 Oct 2024 11:02:10 +0200 Subject: [PATCH] pin actions by sha (#146) --- .github/workflows/build.yml | 20 +++---- .github/workflows/release.yml | 6 +- .github/workflows/test.yml | 100 +++++++++++++++++----------------- 3 files changed, 63 insertions(+), 63 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d400819..fc4b037 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,15 +13,15 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.4.0 with: version: 9 - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: node-version: 20 cache: pnpm @@ -39,7 +39,7 @@ jobs: name: Reference latest version in README runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Assert latest setup-pixi version is mentioned in README run: | @@ -59,7 +59,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Assert latest pixi version is mentioned in README run: | @@ -76,7 +76,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create pull request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 if: failure() && github.ref_name == 'main' with: token: ${{ secrets.GITHUB_TOKEN }} 
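Review bot: The version label on the pinned `pnpm/action-setup` line in the `build` job reads `# v4.4.0`, the same label this patch gives `actions/upload-artifact` in the `check-dist` hunk, so it may be a copy-paste slip. It should be checked against the tag that `fe02b34f77f8bc703788d5817da081398fad5dd2` actually resolves to. The SHA is what executes, but the trailing comment is what reviewers and update tooling read, so a wrong label hides which release is in use and makes later bumps harder to audit. The identical line recurs in the `@@ -87,15 +87,15 @@` hunk and needs the same check. Once verified, the line would read `uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # <tag this SHA resolves to>`.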
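Review bot: The `peter-evans/create-pull-request` line in the `Create pull request` step is not a pure pin, because the SHA itself changes from `c5a7806660adbe173f04e3e038b0ccdcd758773c` to `5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5`. The hunk therefore upgrades the action under a commit titled "pin actions by sha". The step receives `secrets.GITHUB_TOKEN`, and the preceding hunk shows `contents: write` and `pull-requests: write` for what appears to be the same job, so the upstream changes between the two commits deserve their own review. I would record the bump in the commit message, or add a line such as `# bumped from c5a7806 when pinning; upstream diff reviewed` above the step. The step's `with:` block continues outside the hunk.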
@@ -87,15 +87,15 @@ jobs: check-dist: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.4.0 with: version: 9 - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: node-version: 20 cache: pnpm @@ -116,7 +116,7 @@ jobs: id: diff # If index.js or post.js are different than expected, upload the expected version as an artifact - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: ${{ failure() && steps.diff.conclusion == 'failure' }} with: name: dist diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2dee90a..4b4f4f5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,8 +12,8 @@ jobs: release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: Quantco/ui-actions/version-metadata@a0653e9fc0ee3c4be9f7cc88e509e40536e9f3c1 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: Quantco/ui-actions/version-metadata@a0653e9fc0ee3c4be9f7cc88e509e40536e9f3c1 # v1.0.15 id: version-metadata with: file: ./package.json @@ -24,7 +24,7 @@ jobs: TAG_NAME: v${{ steps.version-metadata.outputs.newVersion }} - name: Create release if: steps.version-metadata.outputs.changed == 'true' - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: generate_release_notes: true tag_name: v${{ steps.version-metadata.outputs.newVersion }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bcc8c13..cfb82a1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -16,7 +16,7 @@ jobs: runs-on: ${{ matrix.os }} name: default ${{ matrix.cache == true && 'with' || 'without' }} cache (${{ matrix.os }}) steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -47,7 +47,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -64,7 +64,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./ with: run-install: false @@ -79,7 +79,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest, macos-13] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/old-pixi-lockfiles/* . - uses: ./ @@ -97,7 +97,7 @@ jobs: locked: [true, false] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/old-pixi-lockfiles/* . - uses: ./ @@ -116,7 +116,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest, macos-13] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./ with: run-install: false @@ -129,7 +129,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest, macos-13] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./ with: run-install: false 
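Review bot: `actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0` is now repeated verbatim in every job of test.yml (this hunk and all the following ones), and nothing in this patch adds or references an automated updater for these pins. A full-SHA pin protects against a tag being moved, but it also means security fixes to the action no longer arrive on their own, so the SHA and its version comment have to be bumped together by a Dependabot or Renovate rule or by hand. If such a rule already exists elsewhere in the repository, this is moot. Otherwise I would add a header comment to the workflow such as `# Actions are pinned by commit SHA; update the SHA and the trailing version comment together.`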
@@ -148,7 +148,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -163,7 +163,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -175,7 +175,7 @@ jobs: custom-pixi-url: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/old-pixi-lockfiles/* . - uses: ./ @@ -190,7 +190,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./ with: cache: false @@ -202,7 +202,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -216,7 +216,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -237,7 +237,7 @@ jobs: ignore-reason: [none, version, version-latest, url, bin-path] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - name: Create pixi directory and add to PATH 
@@ -356,7 +356,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -377,7 +377,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -400,7 +400,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -421,7 +421,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/auth/* . - uses: ./ @@ -439,7 +439,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -463,7 +463,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./ with: run-install: false 
@@ -483,10 +483,10 @@ jobs: matrix: post-cleanup: ['true', 'false'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe + - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe # v3.1.0 with: run: | set -euxo pipefail @@ -508,10 +508,10 @@ jobs: matrix: post-cleanup: ['true', 'false'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe + - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe # v3.1.0 with: run: | set -euxo pipefail @@ -530,10 +530,10 @@ jobs: matrix: post-cleanup: ['true', 'false'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe + - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe # v3.1.0 with: run: | set -euxo pipefail @@ -551,10 +551,10 @@ jobs: matrix: post-cleanup: ['true', 'false'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe + - uses: lisanna-dettwyler/action-post-run@d053b9b43d788b87a409f6cdb3b6fc87c6c8a4fe # v3.1.0 with: run: | set -euxo pipefail 
@@ -572,7 +572,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/no-lockfile/* . - uses: ./ @@ -604,7 +604,7 @@ jobs: cache: ['true', 'false'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/multiple-environments/* . - uses: ./ @@ -640,7 +640,7 @@ jobs: matrix: os: [windows-latest, ubuntu-latest, macos-latest, macos-13] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi files run: mv test/default/* . - uses: ./ @@ -656,7 +656,7 @@ jobs: matrix: os: [windows-latest, ubuntu-latest, macos-latest, macos-13] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi files run: mv test/default/* . - uses: ./ @@ -681,7 +681,7 @@ jobs: matrix: os: [windows-latest, ubuntu-latest, macos-latest, macos-13] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi files run: mv test/default/* . - uses: ./ @@ -705,7 +705,7 @@ jobs: matrix: os: [windows-latest, ubuntu-latest, macos-latest, macos-13] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi files run: mv test/default/* . - uses: ./ @@ -719,7 +719,7 @@ jobs: timeout-minutes: 10 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi files run: mv test/pyproject-manifest/* . - uses: ./ 
@@ -732,7 +732,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: ./ with: cache: true @@ -744,7 +744,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -760,7 +760,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -776,7 +776,7 @@ jobs: run: shell: pwsh steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -792,7 +792,7 @@ jobs: run: shell: cmd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -810,7 +810,7 @@ jobs: environment-activation-false: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/default/* . - uses: ./ @@ -821,7 +821,7 @@ jobs: environment-activation-explicit-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/multiple-environments/* . - uses: ./ @@ -834,7 +834,7 @@ jobs: environment-activation-multiple-env: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Move pixi.toml run: mv test/multiple-environments/* . - uses: ./ 
@@ -855,7 +855,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/no-lockfile/* . # - uses: ./ @@ -872,7 +872,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/default/* . # - uses: ./ @@ -888,7 +888,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/default/* . # - uses: ./ @@ -906,7 +906,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/no-lockfile/* . # - uses: ./ @@ -922,7 +922,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/no-lockfile/* . # - uses: ./ @@ -938,7 +938,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/lockfile-not-up-to-date/* . # - uses: ./ @@ -954,7 +954,7 @@ jobs: # matrix: # os: [windows-latest, ubuntu-latest, macos-latest] # steps: - # - uses: actions/checkout@v4 + # - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # - name: Move pixi files # run: mv test/no-lockfile/* . # - uses: ./
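Review bot: The seven hunks from `@@ -855,7 +855,7 @@` onward only edit commented-out jobs (`# - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0`). Tooling that parses the workflow as YAML may not pick these lines up, so their SHAs are likely to drift from the live pins the next time checkout is bumped. If one of these jobs is later re-enabled by uncommenting it, it would silently run a stale revision. I would either delete the disabled jobs or put a marker above the block such as `# Disabled jobs: re-check every pinned SHA against the live jobs before re-enabling.` The commented job bodies continue outside each hunk.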