diff --git a/.github/workflows/add-to-task-list.yml b/.github/workflows/add-to-task-list.yml index 252cb222..5215d3c9 100644 --- a/.github/workflows/add-to-task-list.yml +++ b/.github/workflows/add-to-task-list.yml @@ -13,10 +13,10 @@ jobs: runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Generate a token id: generate_token - uses: actions/create-github-app-token@v1.11.0 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }} private-key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cdcb4296..8060512a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,10 +41,10 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,7 +56,7 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3 # - run: | # echo "Run, Build Application using script" # ./location_of_script_within_repo/buildscript.sh @@ -66,6 +66,6 @@ jobs: # If the Autobuild fails above, remove it and uncomment the following three lines. # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 906e71b9..d5639a55 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -14,8 +14,8 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 - - uses: dev-hato/actions-create-release@v0.0.38 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: dev-hato/actions-create-release@c2a40c5aa1affd28467f9d85ab21730396b96167 # v0.0.38 with: github-token: ${{secrets.GITHUB_TOKEN}} concurrency: diff --git a/.github/workflows/format-json-yml.yml b/.github/workflows/format-json-yml.yml index 51171b2a..b05d0a65 100644 --- a/.github/workflows/format-json-yml.yml +++ b/.github/workflows/format-json-yml.yml @@ -19,17 +19,17 @@ jobs: steps: - name: Generate a token id: generate_token - uses: actions/create-github-app-token@v1.11.0 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }} private-key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} token: ${{ steps.generate_token.outputs.token }} - - uses: dev-hato/actions-format-json-yml@v0.0.74 + - uses: dev-hato/actions-format-json-yml@fb4529a3bce610d82460527c56ff354ed545d1a1 # v0.0.74 with: github-token: ${{ steps.generate_token.outputs.token }} concurrency: diff --git a/.github/workflows/github-actions-cache-cleaner.yml b/.github/workflows/github-actions-cache-cleaner.yml index 416028e0..4fb13231 100644 --- a/.github/workflows/github-actions-cache-cleaner.yml +++ b/.github/workflows/github-actions-cache-cleaner.yml @@ -12,8 +12,8 @@ jobs: github-actions-cache-cleaner: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 - - uses: dev-hato/github-actions-cache-cleaner@v0.0.54 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: dev-hato/github-actions-cache-cleaner@8885351fba02a9d237a5115d7dff95f2b8fa8078 # v0.0.54 with: github-token: ${{secrets.GITHUB_TOKEN}} concurrency: diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 927cc432..16a67cc5 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -39,12 +39,12 @@ jobs: # Checkout the code base # ########################## - name: Checkout Code - uses: actions/checkout@v4.2.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: # Full git history is needed to get a proper list # of changed files within `super-linter` fetch-depth: 0 - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: cache: npm - run: bash "${GITHUB_WORKSPACE}/scripts/super_linter/build/set_path.sh" @@ -52,7 +52,7 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: super-linter/super-linter/slim@v7.1.0 + uses: super-linter/super-linter/slim@b92721f792f381cedc002ecdbb9847a15ece5bb8 # v7.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DEFAULT_BRANCH: main diff --git a/.github/workflows/update-gitleaks.yml b/.github/workflows/update-gitleaks.yml index e865d383..41cc7d00 100644 --- a/.github/workflows/update-gitleaks.yml +++ b/.github/workflows/update-gitleaks.yml @@ -17,19 +17,19 @@ jobs: update-gitleaks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: cache: npm - name: Install packages if: github.event_name != 'pull_request' || github.event.action != 'closed' run: npm ci - - uses: dev-hato/actions-update-gitleaks@v0.0.79 + - uses: dev-hato/actions-update-gitleaks@0e9a2d1c25c0acc3108157714109d94ebecbf7cf # v0.0.79 with: github-token: ${{secrets.GITHUB_TOKEN}} concurrency: diff --git a/.github/workflows/update-package.yml b/.github/workflows/update-package.yml index 6f518cdd..101ace3b 100644 --- a/.github/workflows/update-package.yml +++ b/.github/workflows/update-package.yml @@ -18,18 +18,18 @@ jobs: update-package: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: cache: npm - if: github.event_name != 'pull_request' || github.event.action != 'closed' run: npm install - - uses: dev-hato/actions-diff-pr-management@v1.2.0 + - uses: dev-hato/actions-diff-pr-management@e5c78b251a69f44f93b2f1398e06b129bcf151ec # v1.2.0 with: github-token: ${{secrets.GITHUB_TOKEN}} branch-name-prefix: fix-package diff --git a/action.yml b/action.yml index cb7bf39a..c1005834 100644 --- a/action.yml +++ b/action.yml @@ -12,7 +12,7 @@ runs: using: "composite" steps: - name: Remove pull requests and issues from project - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 env: PROJECT_URL: ${{ inputs.project-url }} with: @@ -20,7 +20,7 @@ runs: script: | const script = require('${{ github.action_path }}/scripts/action/remove_prs_and_issues.js') await script({github}) - - uses: actions/add-to-project@v1.0.2 + - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 with: project-url: ${{ inputs.project-url }} github-token: ${{ inputs.github-token }} diff --git a/scripts/super_linter/build/set_path.sh b/scripts/super_linter/build/set_path.sh index e2422e23..7775ce05 100755 --- a/scripts/super_linter/build/set_path.sh +++ b/scripts/super_linter/build/set_path.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash npm ci -action="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml)" -PATH="$(docker run --rm --entrypoint '' "ghcr.io/${action//\/slim@/:slim-}" /bin/sh -c 'echo $PATH')" +tag_name="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml | sed -e 's;/slim@.*;:slim;g')" +tag_version="$(yq '.jobs.build.steps[-1].uses | line_comment' .github/workflows/super-linter.yml)" +PATH="$(docker run --rm --entrypoint '' "ghcr.io/${tag_name}-${tag_version}" /bin/sh -c 'echo $PATH')" echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >>"$GITHUB_ENV"