diff --git a/.github/workflows/generate-preview-link.yml b/.github/workflows/generate-preview-link.yml index d9ff1ad98cc..0d4d6bbd0d7 100644 --- a/.github/workflows/generate-preview-link.yml +++ b/.github/workflows/generate-preview-link.yml @@ -1,13 +1,5 @@ name: Generate preview link -permissions: - actions: write - checks: write - contents: write - deployments: write - pull-requests: write - statuses: write - on: pull_request_target: types: [opened, synchronize] @@ -24,6 +16,9 @@ concurrency: jobs: build_to_cloudflare_pages: runs-on: Ubuntu-latest + permissions: + checks: write + pull-requests: write steps: - name: Verify user uses: 'deriv-com/shared-actions/.github/actions/verify_user_in_organization@v1' @@ -32,13 +27,13 @@ jobs: token: ${{ secrets.PREVIEW_LINK_TOKEN }} - name: Checkout to repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 with: ref: ${{ github.event.pull_request.head.sha }} - name: 'Generate action link comment' id: generate_action_url - uses: actions/github-script@v3 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 with: github-token: ${{ github.token }} script: | @@ -53,7 +48,7 @@ jobs: core.setOutput("comment", comment); - name: Post Cloudflare Pages Preview comment - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd with: header: Cloudflare Pages Preview Comment number: ${{github.event.pull_request.user.login}} @@ -61,7 +56,7 @@ jobs: recreate: true - name: Setup node - uses: actions/setup-node@v2 + uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 - name: Create npmrc file shell: bash @@ -72,7 +67,7 @@ jobs: run: echo '//npm.pkg.github.com/:_authToken=${{ secrets.READ_DERIV_COM_ORG_PACKAGES }}' >> .npmrc - name: Get build output from master cache - uses: actions/cache/restore@v3 + uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c with: key: master-cache-public restore-keys: | @@ -82,7 +77,7 @@ jobs: public - name: Get cached dependencies id: cache-npm - uses: actions/cache/restore@v3 + uses: actions/cache/restore@e12d46a63a90f2fae62d114769bbf2a179198b5c with: path: node_modules key: npm-${{ hashFiles('**/package-lock.json') }} @@ -145,7 +140,7 @@ jobs: - name: 'Generate preview link comment' if: success() id: generate_preview_url - uses: actions/github-script@v3 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 with: github-token: ${{ github.token }} script: | @@ -164,7 +159,7 @@ jobs: - name: 'Generate failure comment' if: failure() id: generate_failure_comment - uses: actions/github-script@v3 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 with: github-token: ${{ github.token }} script: | @@ -179,7 +174,7 @@ jobs: core.setOutput("comment", comment); - name: Post Cloudflare Pages Preview comment if: success() || failure() - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd with: header: Cloudflare Pages Preview Comment number: ${{github.event.number}} @@ -187,7 +182,7 @@ jobs: recreate: true - name: Upload PR information to artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: 'pr-${{github.run_id}}' path: .pr