diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b0562ed4ff8..a881b540ad2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,13 +28,13 @@ jobs: git config --global user.name "xyz" git config --global user.email "x@y.z" - name: Checkout Commit - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 with: version: next-8 - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 with: node-version: ${{ matrix.node }} cache: 'pnpm' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eb74e0bd1d1..73e50125884 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,11 +42,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@d835c34a7026e284170c41a0a66c956e03f247d0 # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@d835c34a7026e284170c41a0a66c956e03f247d0 # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -71,4 +71,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@d835c34a7026e284170c41a0a66c956e03f247d0 # v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d7d0de54ef8..246defee37f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: environment: release steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Install ldid run: | sudo apt-get update @@ -47,7 +47,7 @@ jobs: - name: Generate release description run: pnpm run make-release-description - name: Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: draft: true files: dist/* diff --git a/.github/workflows/update-latest.yml b/.github/workflows/update-latest.yml index aef23687c63..96f2553d130 100644 --- a/.github/workflows/update-latest.yml +++ b/.github/workflows/update-latest.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 - name: Update tag env: "npm_config_//registry.npmjs.org/:_authToken": ${{ secrets.NPM_TOKEN }} @@ -34,7 +34,7 @@ jobs: environment: release needs: tag-in-registry steps: - - uses: vedantmgoyal2009/winget-releaser@v2 + - uses: vedantmgoyal2009/winget-releaser@93fd8b606a1672ec3e5c6c3bb19426be68d1a8b0 # v2 with: identifier: pnpm.pnpm version: ${{ github.event.inputs.version }} @@ -46,7 +46,7 @@ jobs: environment: release needs: tag-in-registry steps: - - uses: bluwy/release-for-reddit-action@v1 + - uses: bluwy/release-for-reddit-action@4d948192aff856da22f19f9806b00b46ca384547 # v1 with: username: ${{ secrets.REDDIT_USERNAME }} password: ${{ secrets.REDDIT_PASSWORD }} @@ -63,7 +63,7 @@ jobs: steps: - name: Send toot to Mastodon id: mastodon - uses: cbrgm/mastodon-github-action@v1 + uses: cbrgm/mastodon-github-action@d98ab3376f941df14d37d5737961de431c0838c6 # v1 with: message: | pnpm@${{ github.event.inputs.version }} is out!