From dfea24fa3856d631c8e65aa24d6607cc0e141929 Mon Sep 17 00:00:00 2001
From: Masaya Suzuki <15100604+massongit@users.noreply.github.com>
Date: Wed, 16 Oct 2024 10:25:13 +0900
Subject: [PATCH] =?UTF-8?q?Actions=E3=81=AE=E3=83=90=E3=83=BC=E3=82=B8?=
 =?UTF-8?q?=E3=83=A7=E3=83=B3=E3=82=92=E3=82=B3=E3=83=9F=E3=83=83=E3=83=88?=
 =?UTF-8?q?=E3=83=8F=E3=83=83=E3=82=B7=E3=83=A5=E3=81=A7=E5=9B=BA=E5=AE=9A?=
 =?UTF-8?q?=E3=81=99=E3=82=8B=20(#1393)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Pin dependencies

* super-linterのバージョン取得処理修正

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/add-to-task-list.yml             | 4 ++--
 .github/workflows/codeql.yml                       | 8 ++++----
 .github/workflows/create-release.yml               | 4 ++--
 .github/workflows/format-json-yml.yml              | 6 +++---
 .github/workflows/github-actions-cache-cleaner.yml | 4 ++--
 .github/workflows/super-linter.yml                 | 6 +++---
 .github/workflows/update-gitleaks.yml              | 6 +++---
 .github/workflows/update-package.yml               | 6 +++---
 action.yml                                         | 4 ++--
 scripts/super_linter/build/set_path.sh             | 5 +++--
 10 files changed, 27 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/add-to-task-list.yml b/.github/workflows/add-to-task-list.yml
index 252cb222..5215d3c9 100644
--- a/.github/workflows/add-to-task-list.yml
+++ b/.github/workflows/add-to-task-list.yml
@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == github.event.pull_request.head.repo.full_name
     steps:
-      - uses: actions/checkout@v4.2.1
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Generate a token
         id: generate_token
-        uses: actions/create-github-app-token@v1.11.0
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
           app-id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }}
           private-key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cdcb4296..8060512a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,10 +41,10 @@ jobs:
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3
       # - run: |
       #     echo "Run, Build Application using script"
       #     ./location_of_script_within_repo/buildscript.sh
@@ -66,6 +66,6 @@ jobs:
 
         #   If the Autobuild fails above, remove it and uncomment the following three lines.
         #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index 906e71b9..d5639a55 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -14,8 +14,8 @@ jobs:
   create-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.2.1
-      - uses: dev-hato/actions-create-release@v0.0.38
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: dev-hato/actions-create-release@c2a40c5aa1affd28467f9d85ab21730396b96167 # v0.0.38
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
 concurrency:
diff --git a/.github/workflows/format-json-yml.yml b/.github/workflows/format-json-yml.yml
index 51171b2a..b05d0a65 100644
--- a/.github/workflows/format-json-yml.yml
+++ b/.github/workflows/format-json-yml.yml
@@ -19,17 +19,17 @@ jobs:
     steps:
       - name: Generate a token
         id: generate_token
-        uses: actions/create-github-app-token@v1.11.0
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
           app-id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }}
           private-key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }}
-      - uses: actions/checkout@v4.2.1
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
           token: ${{ steps.generate_token.outputs.token }}
-      - uses: dev-hato/actions-format-json-yml@v0.0.74
+      - uses: dev-hato/actions-format-json-yml@fb4529a3bce610d82460527c56ff354ed545d1a1 # v0.0.74
         with:
           github-token: ${{ steps.generate_token.outputs.token }}
 concurrency:
diff --git a/.github/workflows/github-actions-cache-cleaner.yml b/.github/workflows/github-actions-cache-cleaner.yml
index 416028e0..4fb13231 100644
--- a/.github/workflows/github-actions-cache-cleaner.yml
+++ b/.github/workflows/github-actions-cache-cleaner.yml
@@ -12,8 +12,8 @@ jobs:
   github-actions-cache-cleaner:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.2.1
-      - uses: dev-hato/github-actions-cache-cleaner@v0.0.54
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: dev-hato/github-actions-cache-cleaner@8885351fba02a9d237a5115d7dff95f2b8fa8078 # v0.0.54
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
 concurrency:
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
index 927cc432..16a67cc5 100644
--- a/.github/workflows/super-linter.yml
+++ b/.github/workflows/super-linter.yml
@@ -39,12 +39,12 @@ jobs:
       # Checkout the code base #
       ##########################
       - name: Checkout Code
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           # Full git history is needed to get a proper list
           # of changed files within `super-linter`
           fetch-depth: 0
-      - uses: actions/setup-node@v4.0.4
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         with:
           cache: npm
       - run: bash "${GITHUB_WORKSPACE}/scripts/super_linter/build/set_path.sh"
@@ -52,7 +52,7 @@ jobs:
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@v7.1.0
+        uses: super-linter/super-linter/slim@b92721f792f381cedc002ecdbb9847a15ece5bb8 # v7.1.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BRANCH: main
diff --git a/.github/workflows/update-gitleaks.yml b/.github/workflows/update-gitleaks.yml
index e865d383..41cc7d00 100644
--- a/.github/workflows/update-gitleaks.yml
+++ b/.github/workflows/update-gitleaks.yml
@@ -17,19 +17,19 @@ jobs:
   update-gitleaks:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.2.1
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - uses: actions/setup-node@v4.0.4
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
         with:
           cache: npm
       - name: Install packages
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
         run: npm ci
-      - uses: dev-hato/actions-update-gitleaks@v0.0.79
+      - uses: dev-hato/actions-update-gitleaks@0e9a2d1c25c0acc3108157714109d94ebecbf7cf # v0.0.79
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
 concurrency:
diff --git a/.github/workflows/update-package.yml b/.github/workflows/update-package.yml
index 6f518cdd..101ace3b 100644
--- a/.github/workflows/update-package.yml
+++ b/.github/workflows/update-package.yml
@@ -18,18 +18,18 @@ jobs:
   update-package:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.2.1
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
         with:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
-      - uses: actions/setup-node@v4.0.4
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         if: github.event_name != 'pull_request' || github.event.action != 'closed'
         with:
           cache: npm
       - if: github.event_name != 'pull_request' || github.event.action != 'closed'
         run: npm install
-      - uses: dev-hato/actions-diff-pr-management@v1.2.0
+      - uses: dev-hato/actions-diff-pr-management@e5c78b251a69f44f93b2f1398e06b129bcf151ec # v1.2.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           branch-name-prefix: fix-package
diff --git a/action.yml b/action.yml
index cb7bf39a..c1005834 100644
--- a/action.yml
+++ b/action.yml
@@ -12,7 +12,7 @@ runs:
   using: "composite"
   steps:
     - name: Remove pull requests and issues from project
-      uses: actions/github-script@v7.0.1
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       env:
         PROJECT_URL: ${{ inputs.project-url }}
       with:
@@ -20,7 +20,7 @@ runs:
         script: |
           const script = require('${{ github.action_path }}/scripts/action/remove_prs_and_issues.js')
           await script({github})
-    - uses: actions/add-to-project@v1.0.2
+    - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
       with:
         project-url: ${{ inputs.project-url }}
         github-token: ${{ inputs.github-token }}
diff --git a/scripts/super_linter/build/set_path.sh b/scripts/super_linter/build/set_path.sh
index e2422e23..7775ce05 100755
--- a/scripts/super_linter/build/set_path.sh
+++ b/scripts/super_linter/build/set_path.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 
 npm ci
-action="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml)"
-PATH="$(docker run --rm --entrypoint '' "ghcr.io/${action//\/slim@/:slim-}" /bin/sh -c 'echo $PATH')"
+tag_name="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml | sed -e 's;/slim@.*;:slim;g')"
+tag_version="$(yq '.jobs.build.steps[-1].uses | line_comment' .github/workflows/super-linter.yml)"
+PATH="$(docker run --rm --entrypoint '' "ghcr.io/${tag_name}-${tag_version}" /bin/sh -c 'echo $PATH')"
 echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >>"$GITHUB_ENV"